CVE-2025-61913: Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, Wri
Summary
Flowise is a visual tool for building custom LLM (large language model) workflows, but versions before 3.0.8 have a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) in its file read and write tools. Authenticated attackers could exploit this to read and write any files on the system, potentially leading to remote code execution (running malicious commands on the server).
Solution / Mitigation
Upgrade to Flowise version 3.0.8, which fixes this vulnerability. The patch is available at https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.8.
Vulnerability Details
9.9(critical)
EPSS: 0.6%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-61913
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 95%