FlowiseAI Vulnerability (CVE-2025-58434) Exposes User Accounts


Critical Security Flaw Discovered in FlowiseAI: What You Need to Know

A significant security vulnerability, identified as CVE-2025-58434, has been found in FlowiseAI, an open-source AI workflow automation tool. This flaw poses a serious risk, exposing users to potential account compromises whether they’re on the cloud-hosted version or using self-hosted setups that have vulnerable API endpoints.

Understanding the Vulnerability

At the center of this issue is the password reset feature of FlowiseAI. Specifically, the vulnerability lies within the /api/v1/account/forgot-password endpoint. It has been classified as an Unauthenticated Password Reset Token Disclosure and has received a critical CVSS v3.1 score of 9.8. This indicates a severe security risk, and the vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

This flaw was revealed by the security researcher HenryHengZJ and documented as GHSA-wgpv-6j63-x5ph. It affects all versions of FlowiseAI prior to 3.0.5, and currently, there is no available patch to secure the application.

How the Exploit Works

The core problem with FlowiseAI arises from the way it manages password reset requests. Instead of employing a secure method such as sending the reset token by email, the API responds directly with a JSON body that includes sensitive account details. This reveals not only the user’s ID, name, email, and hashed credentials but, crucially, a valid password reset token along with its expiration time.

This unfortunate implementation allows attackers to easily exploit the vulnerability. They can submit any known or easily guessable email address and receive a valid password reset token. With this token, the attacker can reset the user’s password via another endpoint, /api/v1/account/reset-password, thus gaining full access to the victim’s account without any verification process.

A Simple Path to Exploitation

The process to take advantage of this vulnerability is alarmingly straightforward:

  1. Submit a Password Reset Request: The attacker inputs the email address of their target.
  2. Receive a Response: The API provides a response containing the reset token.
  3. Use the Token: The attacker uses the token to alter the password and access the victim’s account.

This flaw effectively enables attackers to bypass authentication and expose sensitive account information, even for users with administrative privileges.

Scope of the Affected Systems

The impact of this vulnerability is significant. It affects:

  • The cloud-hosted service at cloud.flowiseai.com
  • Any self-hosted deployments that operate a version lower than 3.0.5 and expose the mentioned API endpoint

Because exploitation requires no prior access and no action by the victim, merely knowing a user’s email address greatly heightens the risk of exploitation.

Recommendations for Mitigation

Given the severity of CVE-2025-58434, it’s critical for organizations using FlowiseAI to take immediate action to mitigate risks. Here are some recommended steps:

  • Disable Public Access: Temporarily restrict access to the /api/v1/account/forgot-password endpoint until a security patch is issued.
  • Revise API Responses: Avoid returning reset tokens or sensitive account details directly through APIs.
  • Secure Token Delivery: Ensure that reset tokens are securely sent via email only after appropriate validation measures.
  • Implement Generic Responses: Provide non-specific answers to password reset requests to avoid revealing whether the email is associated with an account.
  • Enhance Token Security: Use short-lived, reusable tokens that include origin tracking.
  • Monitor Logs: Keep an eye on logged activities to identify any unusual spikes in password reset requests.
  • Consider Multi-Factor Authentication: Enforce multi-factor authentication, particularly for high-privilege accounts, to add an extra layer of security.

As of the latest updates, FlowiseAI maintainers have not released a patch. Organizations need to enact these preventive measures to fortify their defenses against potential account takeovers until a fix is delivered.
