CVE-2025-34267: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in FlowiseAI Flowise

Severity: High
Published: Tue Oct 14 2025 (10/14/2025, 19:31:50 UTC)
Source: CVE Database V5
Vendor/Project: FlowiseAI
Product: Flowise

Description

Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An authenticated attacker able to create or run a tool that leverages Puppeteer/Playwright can specify attacker-controlled browser binary paths and parameters. When the tool executes, the attacker-controlled executable/parameters are run on the host and circumvent the intended nodevm sandbox restrictions, resulting in execution of arbitrary code in the context of the host. This vulnerability was incorrectly assigned as a duplicate CVE-2025-26319 by the developers and should be considered distinct from that identifier.

AI-Powered Analysis

Last updated: 10/14/2025, 19:41:21 UTC

Technical Analysis

CVE-2025-34267 is a command injection vulnerability classified under CWE-77 affecting FlowiseAI's Flowise product versions 3.0.1 up to but not including 3.0.8 when the 'ALLOW_BUILTIN_DEP' configuration is enabled. Flowise integrates the Puppeteer and Playwright modules within a node VM sandbox environment to execute browser automation tasks. The vulnerability stems from improper neutralization of special elements in command parameters: an authenticated attacker who can create or run tools leveraging these modules can specify arbitrary browser binary paths and launch parameters. Because the browser binary is spawned on the host rather than inside the sandbox, this lets the attacker escape the node VM restrictions and execute arbitrary code on the host system with the privileges of the Flowise process. The vulnerability does not require user interaction but does require authentication, which limits exposure to some extent. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L) encodes a network attack vector, low attack complexity, no attack requirements, high privileges required and no user interaction, with high impact on the confidentiality of the vulnerable system, low impact on its integrity and availability, and high subsequent impact on the confidentiality and integrity of other systems (low on their availability). The vulnerability was mistakenly marked as a duplicate of CVE-2025-26319 but is distinct. No public exploits have been reported yet, but the potential for remote code execution via a sandbox escape makes it a critical concern for environments running vulnerable versions with the risky configuration enabled.

Potential Impact

For European organizations, this vulnerability poses a significant risk to systems running Flowise versions prior to 3.0.8 with 'ALLOW_BUILTIN_DEP' enabled. The ability for an authenticated attacker to execute arbitrary code on the host compromises the confidentiality, integrity, and availability of affected systems. This could lead to data breaches, unauthorized access to sensitive AI workflows, disruption of AI services, and potential lateral movement within networks. Organizations relying on Flowise for AI model orchestration or automation may face operational downtime and reputational damage. The requirement for authentication reduces the attack surface, but insider threats or compromised credentials could facilitate exploitation. Given the high impact and scope, critical infrastructure and enterprises in sectors such as finance, healthcare, and technology in Europe could be targeted. The lack of known exploits in the wild currently provides a window for proactive mitigation before active exploitation occurs.

Mitigation Recommendations

1. Upgrade Flowise to version 3.0.8 or later, where this vulnerability is patched.
2. If upgrading immediately is not possible, disable the 'ALLOW_BUILTIN_DEP' configuration to prevent use of the vulnerable modules.
3. Restrict access to Flowise management interfaces to trusted and authenticated users only, employing strong authentication mechanisms such as multi-factor authentication.
4. Monitor logs for unusual activity related to Puppeteer or Playwright executions and unexpected browser binary invocations.
5. Implement network segmentation to isolate Flowise hosts from critical infrastructure and sensitive data stores.
6. Conduct regular credential audits and enforce least privilege principles to reduce risk from compromised accounts.
7. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) tools to detect anomalous process executions indicative of sandbox escapes.
8. Educate developers and administrators about the risks of enabling 'ALLOW_BUILTIN_DEP' and the importance of secure configuration management.


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.579Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68eea752bbec4fba96d79ed9

Added to database: 10/14/2025, 7:41:06 PM

Last enriched: 10/14/2025, 7:41:21 PM

Last updated: 10/16/2025, 7:13:39 AM
