CVE-2025-8943: 
Flowise 脆弱性の分析と軽減

The vulnerability (CVE-2025-8943) affects the Flowise AI platform, an open-source generative AI development platform used to build AI agents and LLM workflows. Discovered in August 2025, this critical vulnerability exists in Flowise versions before 3.0.1 and is related to the Custom MCPs feature. The vulnerability allows remote code execution (RCE) through OS command injection (JFrog Research, Security Online).

The vulnerability stems from the Custom MCPs feature, which is designed to execute OS commands for tasks like spinning up local MCP Servers using tools such as npx. The platform's authentication and authorization model is minimal and lacks role-based access controls (RBAC). The vulnerability has received a CVSS v3.1 score of 9.8 (CRITICAL) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating the highest severity level (NVD, JFrog Research).

The vulnerability allows unauthenticated network attackers to execute unsandboxed OS commands on affected systems. This can lead to full system compromise, enabling attackers to install malware, exfiltrate data, or pivot deeper into network infrastructure (Security Online).

Organizations should immediately update Flowise to version 3.0.1 or later, which contains the patch for this vulnerability. Additionally, it is recommended to enable authentication and implement role-based access controls (RBAC) to restrict access to the Custom MCPs feature. Systems should be isolated from untrusted networks, and administrators should monitor for suspicious API calls, particularly to the node-load-method/customMCP endpoint (Security Online).