What is CVE-2025-71328?

CVE-2025-71328 is a high-severity vulnerability in Flowise, classified under CWE-620. CVSS score: 8.3/10. Published 2026-06-25.

How severe is CVE-2025-71328?

High severity. CVSS v3 base score is 8.3 out of 10.

Vulnerability in Flowise

CVE-2025-71328

Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings (Security) section without supplying the current password or any additional ve…

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L.

Affected products

Flowise — versions 0, 3.0.10

Weakness classification (CWE)

CWE-620

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2025-71328?: CVE-2025-71328 is a high-severity vulnerability in Flowise, classified under CWE-620. CVSS score: 8.3/10. Published 2026-06-25.
How severe is CVE-2025-71328?: High severity. CVSS v3 base score is 8.3 out of 10.