What is CVE-2025-71334?

CVE-2025-71334 is a critical-severity vulnerability in Flowise, classified under External Control of File Name or Path. CVSS score: 9.8/10. Published 2026-06-25.

How severe is CVE-2025-71334?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Flowise

CVE-2025-71334

Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a…

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Flowise — versions 0, 3.0.6

Weakness classification (CWE)

CWE-73 — External Control of File Name or Path

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2025-71334?: CVE-2025-71334 is a critical-severity vulnerability in Flowise, classified under External Control of File Name or Path. CVSS score: 9.8/10. Published 2026-06-25.
How severe is CVE-2025-71334?: Critical severity. CVSS v3 base score is 9.8 out of 10.