CVE-2025-71332:
Flowise Análisis y mitigación de vulnerabilidades
Vista general
CVE-2025-71332 is a SQL injection vulnerability in the importChatflows API of FlowiseAI Flowise, affecting all versions through 2.2.7. Due to insufficient validation of the chatflow.id field in imported JSON files, an authenticated user can inject arbitrary SQL into an unsanitized IN clause, enabling blind and error-based extraction of data from the credential table. The vulnerability was published on June 24, 2026, and was assigned by VulnCheck. It carries a CVSS v3.1 base score of 8.8 (High) and a CVSS v4.0 base score of 8.5 (High) (GitHub Advisory, VulnCheck).
Técnicas
The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), specifically in packages/server/src/services/chatflows/index.ts. The importChatflows function constructs a SQL IN clause by directly concatenating user-supplied chatflow.id values without sanitization or parameterization: ids += '${newChatflow.id}', which is then passed to WHERE cf.id IN ${ids}. An attacker can inject a payload such as aaaaaa') and if ((<subquery>)<N, 0, 9e300 * 9e300); -- to trigger error-based (arithmetic overflow) SQL injection, enabling character-by-character extraction of data. The same pattern also affects importTools and importVariables APIs (GitHub Advisory).
Impacto
Successful exploitation allows an authenticated attacker to execute arbitrary SQL queries against the Flowise database, enabling full extraction of sensitive data from the credential table — including credentialName and encryptedData fields (e.g., OpenAI API keys stored as encrypted blobs). Beyond data exfiltration, the attacker can modify or delete database records, potentially disrupting service availability. The credential exposure also creates a risk of lateral movement if extracted API keys or secrets are reused across other services (GitHub Advisory).
Pasos de explotación
- Obtain credentials: Acquire valid Flowise credentials (low-privilege authenticated user account or API key) for the target instance.
- Identify target endpoint: Confirm the target is running Flowise ≤ 2.2.7 and that the
/api/v1/chatflows/importchatflowsendpoint is accessible. - Inject a normal record: POST a benign JSON payload to establish a known
data_id(e.g.,aaaaaa) in the database, which will serve as the anchor for subsequent injections. - Determine column length: Send crafted payloads with the injection pattern
aaaaaa') and if (((SELECT length(encryptedData) FROM credential limit 0,1))<N, 0, 9e300 * 9e300); --as theidfield, using binary search over N to determine the length of the target column via arithmetic overflow errors (DOUBLE value is out of range). - Extract data character by character: For each character position, inject
aaaaaa') and if (((SELECT ascii(substr(encryptedData,I,1)) FROM credential limit 0,1))<C, 0, 9e300 * 9e300); --and use binary search over ASCII values to reconstruct each character based on whether the overflow error is triggered. - Collect credentials: Repeat for
credentialNameandencryptedDatacolumns to fully extract stored API keys and secrets from the credential table (GitHub Advisory).
Indicadores de compromiso
- Network: Repeated POST requests to
/api/v1/chatflows/importchatflowsfrom the same authenticated user in rapid succession, especially with unusual or non-UUIDidfield values in the JSON body. - Logs: Application or database logs showing SQL errors such as
DOUBLE value is out of rangeor arithmetic overflow exceptions correlated with import API calls; high volume of near-identical import requests differing only in theidfield value. - File System: Unexpected or malformed
AllChatflows.jsonfiles with non-UUIDidvalues (e.g., containing SQL syntax characters like',),--,SELECT,FROM) in upload or temp directories. - Database: Presence of spurious chatflow records with non-UUID IDs (e.g.,
aaaaaa) in theChatFlowtable, which may indicate the attacker's anchor record used during injection (GitHub Advisory).
Mitigación y soluciones alternativas
No patched version has been officially released as of the advisory publication — the advisory lists "None" for patched versions, and all Flowise versions ≤ 2.2.7 are affected. The recommended remediation is to restrict all chatflow.id and chat.id values to UUID format using strict input validation, and to replace string concatenation with parameterized queries in the importChatflows, importTools, and importVariables APIs. As interim workarounds: restrict access to the importChatflows endpoint to trusted administrators only, monitor for anomalous import activity and SQL error patterns, and avoid exposing Flowise instances to untrusted networks (GitHub Advisory, VulnCheck).
Reacciones de la comunidad
The vulnerability was reported by security researcher Tribal1012 and published via the GitHub Security Advisory program. VulnCheck independently documented the issue and assigned the CVE. No significant broader media coverage or notable public researcher commentary beyond the advisory itself has been identified at this time (GitHub Advisory, VulnCheck).
Recursos adicionales
Fuente: Este informe se generó utilizando IA
Relacionado Flowise Vulnerabilidades:
Evaluación gratuita de vulnerabilidades
Compare su postura de seguridad en la nube
Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.
Recursos adicionales de Wiz
Obtén una demostración personalizada
¿Listo para ver a Wiz en acción?
"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."