{"data":{"id":"87941bf1-fa10-4cb3-a79b-8e5ad81ee7b0","title":"CVE-2025-61913: Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, Wri","summary":"Flowise is a visual tool for building custom LLM (large language model) workflows, but versions before 3.0.8 have a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) in its file read and write tools. Authenticated attackers could exploit this to read and write arbitrary files on the system, potentially leading to remote code execution (running malicious commands on the server).","solution":"Upgrade to Flowise version 3.0.8 or later; version 3.0.8 fixes this vulnerability. The patch is available at https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.8.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-61913","publishedAt":"2025-10-08T23:15:31.357Z","cveId":"CVE-2025-61913","cweIds":["CWE-22"],"cvssScore":"9.9","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00632,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}