COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-71338

CVE-2025-71338

Severity
critical
Source
NVD · cve
Published
2026-06-25
CVSS
10.0
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-71338
⚡ RCE shame 50/100 rce

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical f

Players implicated

flowiseai · vendorflowise · product

Description

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.