CVE-2025-8943

high-risk

Published 2025-08-14

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.

Do I need to act?

84.0% chance of exploitation in next 30 days

EPSS score — higher than 16% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Flowise

Affected Vendors

Flowiseai

References (1)

Exploit https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execut...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 20/34 · Moderate

Exposure 5/34 · Minimal