{"data":{"id":"983ac3e1-da0a-40f4-91bf-e13e43fecc5a","title":"CVE-2025-61687: Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in ","summary":"Flowise version 3.0.7 has a file upload vulnerability that lets authenticated users (people with login access) upload any file type without proper checks. Attackers can upload malicious Node.js web shells (programs that let someone run commands on a server remotely), which stay on the server and could lead to RCE (remote code execution, where an attacker runs commands on a system they don't own) if activated through admin mistakes or other vulnerabilities.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-61687","publishedAt":"2025-10-06T16:15:35.223Z","cveId":"CVE-2025-61687","cweIds":["CWE-434"],"cvssScore":"8.3","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["FlowiseAI","Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00126,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-1"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}