CVE-2025-61913: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in FlowiseAI Flowise
Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any path in the file system, potentially leading to remote command execution. Flowise 3.0.8 fixes this vulnerability.
AI Analysis
Technical Summary
CVE-2025-61913 is a critical security vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly known as path traversal) found in FlowiseAI's Flowise product prior to version 3.0.8. Flowise provides a drag-and-drop interface for constructing customized large language model workflows, and its WriteFileTool and ReadFileTool components allow file system interactions. The vulnerability stems from insufficient validation and restriction of file path inputs, enabling authenticated users to traverse directories beyond the intended scope. This flaw permits attackers to read and write arbitrary files anywhere on the host file system, which can lead to severe consequences including unauthorized data disclosure, modification of critical files, and potentially remote command execution if malicious files are written and executed. The vulnerability requires authentication but no user interaction, and the attack vector is network-based, making it exploitable remotely by authorized users. The CVSS v3.1 base score is 10.0, indicating critical severity with high impact on confidentiality, integrity, and availability, low attack complexity, and scope change due to potential system-wide compromise. Flowise 3.0.8 includes fixes that properly restrict file path access to mitigate this vulnerability. No known exploits in the wild have been reported yet, but the critical nature and ease of exploitation make it a high-priority issue for affected organizations.
Potential Impact
For European organizations, the impact of CVE-2025-61913 can be severe. Organizations using Flowise to build AI workflows may face unauthorized disclosure of sensitive data, including intellectual property or personal data protected under GDPR. Integrity of systems can be compromised by unauthorized file modifications, potentially disrupting AI model workflows or injecting malicious code. Availability may be affected if attackers execute commands that disrupt services or delete critical files. Given the critical CVSS score and the possibility of remote command execution, attackers could gain persistent control over affected systems. This is particularly concerning for sectors such as finance, healthcare, and government agencies in Europe, which increasingly adopt AI technologies and handle sensitive data. The vulnerability also poses compliance risks under European data protection regulations if exploited. The requirement for authentication limits exposure somewhat but does not eliminate risk, especially in environments with weak credential management or insider threats.
Mitigation Recommendations
European organizations should immediately upgrade Flowise installations to version 3.0.8 or later to remediate this vulnerability. Until patching is complete, restrict access to Flowise interfaces to trusted networks and users only, using network segmentation and strong authentication mechanisms such as multi-factor authentication. Run the Flowise process under a dedicated, low-privilege account with strict file system permissions so that a successful traversal cannot reach files outside the directories the service legitimately needs. Monitor logs for unusual file access patterns or unauthorized file modifications related to WriteFileTool and ReadFileTool usage, in particular file paths containing traversal sequences or absolute paths. Audit user accounts with access to Flowise regularly and enforce the principle of least privilege. Consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect and block exploitation attempts. Additionally, educate administrators and users about the risks of path traversal vulnerabilities and enforce secure coding and configuration practices for AI workflow tools.
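The fix class described above, confining every path a file tool touches to a fixed base directory, shown as an added TypeScript example. This is not Flowise's own code; the base directory and the helper names are assumptions.

```typescript
import * as path from "path";

// Constructed example: the only directory the file tools are allowed to use.
const FILES_DIR = "/srv/flowise/files";

// Illustrative unchecked variant (not Flowise's actual implementation): the
// caller-supplied path is used as-is, so an absolute path or "../" sequence
// resolves to any location on the host.
function unsafeTarget(userPath: string): string {
  return path.resolve(userPath);
}

// Hardened variant: resolve the request against the base directory and refuse
// anything that does not stay inside it. Returns the absolute path on success
// or null when the request must be rejected.
function resolveInsideBase(baseDir: string, userPath: string): string | null {
  const base = path.resolve(baseDir);
  // An absolute input would replace the base when resolved; a legitimate
  // request from a workflow is always relative to the files directory.
  if (path.isAbsolute(userPath)) return null;
  // NUL bytes can truncate the path in native file APIs; never pass them on.
  if (userPath.includes("\0")) return null;
  const target = path.resolve(base, userPath);
  // The result must be the base itself or lie below it. Comparing against
  // "base + separator" stops "/srv/flowise/files2" from passing as a child
  // of "/srv/flowise/files".
  if (target !== base && !target.startsWith(base + path.sep)) return null;
  return target;
}

// Convenience wrapper for the tools: throws instead of returning null so a
// rejected path can never be silently used.
function filesPath(userPath: string): string {
  const resolved = resolveInsideBase(FILES_DIR, userPath);
  if (resolved === null) {
    throw new Error(`path escapes ${FILES_DIR}: ${JSON.stringify(userPath)}`);
  }
  return resolved;
}
```

The check is lexical: if the base directory may contain symlinks, additionally compare the `fs.realpath` of an existing target with the real path of the base before reading or writing.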
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-03T22:21:59.614Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e6f1c50e1a2843ff9dd5cc
Added to database: 10/8/2025, 11:20:37 PM
Last enriched: 10/8/2025, 11:21:12 PM
Last updated: 10/9/2025, 4:31:40 AM