CVE-2025-34267

HIGH EPSS 92.4%
Published Oct 14, 20258mo ago · Modified Jun 17, 20262w ago
8.4 CVSS 4.0
High
Find Similar
Published Oct 14, 2025 8mo ago
Last Modified Jun 17, 2026 2w ago

Description

Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An authenticated attacker able to create or run a tool that leverages Puppeteer/Playwright can specify attacker-controlled browser binary paths and parameters. When the tool executes, the attacker-controlled executable/parameters are run on the host and circumvent the intended nodevm sandbox restrictions, resulting in execution of arbitrary code in the context of the host. This vulnerability was incorrectly assigned as a duplicate CVE-2025-26319 by the developers and should be considered distinct from that identifier.

CVSS Details

Base Score
8.4
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
92.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-77 Command Injection Injection

Affected Products 1

VendorProductVersionRange
flowiseaiflowise*≥3.0.1  –  <3.0.8

References 4

  • flowiseai.com https://flowiseai.com/
    Product
  • github.com https://github.com/FlowiseAI/Flowise/pull/5231
    Issue Tracking
  • github.com https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5w3r-f6gm-c25w
    ExploitVendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/flowise-auth-command-execution-and-sandbox-bypass-via-puppeteer-and-playwright-packages
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.