CVE-2025-8943

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.

Published: Aug 14, 2025
Updated: Aug 20, 2025
CVE: CVE-2025-8943
GHSA: GHSA-2vv2-3x8x-4gv7
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78
CWE-306

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
flowise	-	3.0.5.x

https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578
https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578/

Vulnerability Database

CVE-2025-8943