Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-71333

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially enabling remote code execution and server compromise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 40.0%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-71333


Contact Us

Shodan ® - All rights reserved