CVE-2025-71338— Flowise - Arbitrary File Write to Remote Code Execution via document-store API
Possible ATT&CK Techniques 3AI
T1105 · Ingress Tool Transfer T1059 · Command and Scripting Interpreter T1222 · File and Directory Permissions ModificationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-71338
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Flowise - Arbitrary File Write to Remote Code Execution via document-store API
Source: NVD (National Vulnerability Database)
Vulnerability Description
Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件名或路径的外部可控制
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-71338
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-71338
请登录查看更多情报信息。
News Coverage for CVE-2025-71338 (1)
Other References for CVE-2025-71338 (1)
Same Patch Batch · Flowise · 2026-06-25 · 8 CVEs total
| CVE-2025-71336 | 9.8 CRITICAL | Flowise - Unsandboxed Remote Code Execution via Custom MCP |
| CVE-2025-71334 | 9.8 CRITICAL | Flowise - Arbitrary File Access via Missing Chat Flow ID Validation |
| CVE-2025-71327 | 9.1 CRITICAL | Flowise - Authentication Bypass via Unprotected Registration Endpoint |
| CVE-2025-71328 | 8.3 HIGH | Flowise - Unverified Password Change via Account Settings |
| CVE-2025-71335 | 8.1 HIGH | Flowise - Session Invalidation Failure After Password Change |
| CVE-2025-71324 | 7.5 HIGH | Flowise - Arbitrary File Read via chatId Parameter |
| CVE-2025-71333 | Flowise - Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint |
IV. Related Vulnerabilities
Same product: Flowise
- CVE-2025-71336
Flowise - Unsandboxed Remote Code Execution via Custom MCP - CVE-2025-71334
Flowise - Arbitrary File Access via Missing Chat Flow ID Val - CVE-2025-71335
Flowise - Session Invalidation Failure After Password Change - CVE-2025-71333
Flowise - Arbitrary File Upload via Unauthenticated /api/v1/ - CVE-2025-71327
Flowise - Authentication Bypass via Unprotected Registration
Same vendor: Flowise
- CVE-2025-71336
Flowise - Unsandboxed Remote Code Execution via Custom MCP - CVE-2025-71334
Flowise - Arbitrary File Access via Missing Chat Flow ID Val - CVE-2025-71335
Flowise - Session Invalidation Failure After Password Change - CVE-2025-71333
Flowise - Arbitrary File Upload via Unauthenticated /api/v1/ - CVE-2025-71328
Flowise - Unverified Password Change via Account Settings
Same weakness: CWE-73
- CVE-2026-47214
Docling: Unsafe URI and Path Handling in HTML Backend - CVE-2025-71334
Flowise - Arbitrary File Access via Missing Chat Flow ID Val - CVE-2025-71333
Flowise - Arbitrary File Upload via Unauthenticated /api/v1/ - CVE-2025-71324
Flowise - Arbitrary File Read via chatId Parameter - CVE-2026-55477
Authenticated Arbitrary File Write via Database Import and X
V. Comments for CVE-2025-71338
No comments yet