External risk intelligence

Flowise Arbitrary File Upload Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2025-71333

Flowise is commonly deployed as a web-based API and application platform. The vulnerability exists within an API endpoint (/api/v1/attachments) designed for handling user uploads, which is frequently exposed to the network to facilitate application functionality.

Path Traversal

Flowiseai Flowise

2.2.4 and earlier

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

The Flowise platform, specifically versions up to 2.2.4, has a critical vulnerability allowing unauthenticated file uploads via an API endpoint. This could enable attackers to upload malicious files, potentially leading to remote code execution and compromise of your systems.

  • Unauthenticated file upload flaw in Flowise.
  • Affects core application functionality.
  • Confirm relevance and assess exposure.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending a crafted request to the attachments API endpoint, even without authentication. By manipulating the `chatId` and `chatflowId` parameters, the attacker can bypass intended file upload restrictions. This could allow for the upload of malicious files to arbitrary locations on the server, potentially leading to remote code execution and full system compromise.

  • Unauthenticated network access required.
  • Uploading files via API endpoint.
  • Server compromise and remote code execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to upload arbitrary files to arbitrary directories on a Flowise instance when the local storage type is configured. This could lead to the execution of malicious code on the server, potentially compromising the entire system.

  • Arbitrary files could be uploaded.
  • Malicious files could be placed on the server.
  • Remote code execution is a possibility.

Operational Fix

Recommended remediation, mitigation, and detection steps

This critical vulnerability in Flowise affects applications with local storage enabled on the `/api/v1/attachments` endpoint. Ownership likely falls to application or platform teams responsible for Flowise deployments, with initial steps focusing on confirming asset presence, exposure, and business criticality. Coordination with infrastructure or security teams may be needed for broader impact assessment and remediation planning.

  • Confirm Flowise asset inventory and exposure.
  • Identify accountable application or platform owner.
  • Plan remediation based on confirmed risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Flowise?

Flowise is a platform used to build and manage LLM-powered applications through a drag-and-drop visual interface. It acts as an orchestration tool that connects various AI components and workflows. Because it is often deployed to provide these capabilities over a network, it maintains API endpoints to handle data exchange and file processing for the applications it powers.

What is the vulnerability in CVE-2025-71333?

This vulnerability is classified as CWE-73: External Control of File Name or Path. It occurs when an application accepts user-provided input to define a file path without sufficient validation. In this specific case, an attacker can manipulate parameters in a file upload request to save files to unauthorized locations on the server, which can lead to the execution of malicious code.

How can an attacker trigger this bug?

An attacker triggers this by sending a specially crafted request to the /api/v1/attachments endpoint. The bug specifically requires the Flowise instance to be configured to use local storage for files. It will not be triggered if the system is configured to use other storage backends, as the flawed path-traversal logic is tied to the handling of local file paths via the chatId and chatflowId parameters.

Is my Flowise instance at risk?

Halo Surface Signal indicates that because this vulnerability exists within an API endpoint typically exposed to the network to maintain application functionality, instances reachable over the internet are at higher risk. You should determine if your specific deployment is network-accessible and whether you have enabled local storage, as these factors significantly increase the likelihood of successful exploitation.

What are the first steps to address this?

Begin by identifying all Flowise installations within your environment to confirm if they are running a vulnerable version up to 2.2.4. Verify the storage configuration of each instance. Once identified, coordinate with the platform owners to restrict network access to the affected API endpoint until you can apply the necessary updates or transition away from local storage configurations.

References