CVE-2025-8943

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578/

Configurations

No configuration.

History

14 Aug 2025, 13:11

Type	Values Removed	Values Added
Summary		(es) La función MCP personalizados está diseñada para ejecutar comandos del sistema operativo, por ejemplo, mediante herramientas como `npx` para activar servidores MCP locales. Sin embargo, el modelo de autenticación y autorización inherente de Flowise es mínimo y carece de controles de acceso basados en roles (RBAC). Además, en versiones de Flowise anteriores a la 3.0.1, la instalación predeterminada funciona sin autenticación a menos que se configure explícitamente. Esta combinación permite a atacantes de red no autenticados ejecutar comandos del sistema operativo sin protección de seguridad.

14 Aug 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-14 10:15

Updated : 2025-08-14 13:11

NVD link : CVE-2025-8943

Mitre link : CVE-2025-8943

CVE.ORG link : CVE-2025-8943

JSON object : View

Products Affected

No product.

CWE

No CWE.

9.8 /10