{"data":{"id":"67ef462b-71bd-4695-9d63-c5cefde87c31","title":"CVE-2025-59527: Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side","summary":"Flowise version 3.0.5 contains a Server-Side Request Forgery vulnerability (SSRF, a flaw that lets attackers trick the server into making requests to internal networks on their behalf) in the /api/v1/fetch-links endpoint, allowing attackers to use the Flowise server as a proxy to access and explore internal web services. This vulnerability was patched in version 3.0.6.","solution":"Update to version 3.0.6, which contains the patch for this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-59527","publishedAt":"2025-09-22T20:15:39.387Z","cveId":"CVE-2025-59527","cweIds":["CWE-918"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00131,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}