CVE-2025-29192 is a Cross-site Scripting (XSS) vulnerability classified under CWE-79 affecting FlowiseAI's Flowise product prior to version 3.0.5. The vulnerability occurs due to improper neutralization of input during web page generation, specifically when an administrator views chat logs containing FORM and INPUT HTML elements. This flaw allows an attacker to inject malicious scripts that execute in the context of the admin's browser session. The CVSS 3.1 score of 8.2 reflects a high-severity issue with a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is changed (S:C), indicating the vulnerability can affect resources beyond the vulnerable component. The impact on confidentiality is high (C:H) as attackers can steal sensitive admin session tokens or data, while integrity impact is low (I:L) and availability impact is none (A:N). Exploitation involves crafting malicious chat logs that embed FORM and INPUT elements with harmful scripts, which execute when an admin views these logs. Although no known exploits are reported in the wild, the vulnerability poses a significant risk to administrative control and data confidentiality. The vulnerability was reserved in March 2025 and published in October 2025. No official patches or exploit code links are currently provided, but upgrading to version 3.0.5 or later is recommended. This vulnerability highlights the importance of proper input validation and output encoding in web applications, especially those handling administrative interfaces and user-generated content.

For European organizations using Flowise, this vulnerability could lead to unauthorized disclosure of sensitive administrative data, including session cookies, credentials, or internal workflow information, compromising confidentiality. Attackers exploiting this flaw could hijack admin sessions, potentially gaining control over AI workflow configurations or sensitive operational data. Although integrity and availability impacts are limited, the breach of confidentiality alone can have severe consequences, such as intellectual property theft, regulatory non-compliance (e.g., GDPR violations), and reputational damage. Given that Flowise is used for AI workflow management, disruption or compromise of these workflows could indirectly affect business operations. The requirement for user interaction (admin viewing malicious logs) means targeted phishing or social engineering campaigns could be used to exploit this vulnerability. Organizations with high reliance on AI tools and sensitive data processing are particularly vulnerable. The absence of known exploits in the wild suggests a window of opportunity for proactive mitigation before active exploitation occurs.

1. Immediately upgrade Flowise to version 3.0.5 or later where the vulnerability is fixed. 2. Implement strict input validation and output encoding on all user-generated content, especially chat logs, to neutralize potentially malicious HTML or script elements. 3. Restrict administrative access to trusted personnel and enforce multi-factor authentication to reduce risk from compromised admin sessions. 4. Monitor chat logs and admin interface activity for suspicious inputs or behaviors indicative of exploitation attempts. 5. Employ Content Security Policy (CSP) headers to limit script execution contexts and reduce XSS impact. 6. Conduct security awareness training for administrators to recognize and avoid interacting with suspicious chat content. 7. Regularly audit and sanitize stored chat logs to remove potentially harmful embedded elements. 8. Use web application firewalls (WAFs) with rules targeting XSS payloads to provide an additional layer of defense. 9. Engage in vulnerability scanning and penetration testing focused on administrative interfaces to detect similar issues. 10. Maintain an incident response plan to quickly address any detected exploitation attempts.