CVE-2025-8943

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-14 10:15

Updated : 2025-09-23 15:23

NVD link : CVE-2025-8943

Mitre link : CVE-2025-8943

CVE.ORG link : CVE-2025-8943

JSON object : View

Products Affected

flowiseai

flowise

CWE

CWE-306

Missing Authentication for Critical Function

CWE-862

Missing Authorization

{"id": "CVE-2025-8943", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-08-14T10:15:29.637", "references": [{"url": "https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands."}, {"lang": "es", "value": "La funci\u00f3n MCP personalizados est\u00e1 dise\u00f1ada para ejecutar comandos del sistema operativo, por ejemplo, mediante herramientas como `npx` para activar servidores MCP locales. Sin embargo, el modelo de autenticaci\u00f3n y autorizaci\u00f3n inherente de Flowise es m\u00ednimo y carece de controles de acceso basados en roles (RBAC). Adem\u00e1s, en versiones de Flowise anteriores a la 3.0.1, la instalaci\u00f3n predeterminada funciona sin autenticaci\u00f3n a menos que se configure expl\u00edcitamente. Esta combinaci\u00f3n permite a atacantes de red no autenticados ejecutar comandos del sistema operativo sin protecci\u00f3n de seguridad."}], "lastModified": "2025-09-23T15:23:05.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67090261-4C17-4E9D-98D7-4A321FA32C24", "versionEndExcluding": "3.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}