CVE-2025-57164: 
Flowise vulnerability analysis and mitigation

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field. The vulnerability was discovered and disclosed in September 2025, affecting the npm package 'flowise'. This critical security flaw impacts all Flowise installations up to version 3.0.4, with a patch available in version 3.0.6 (GitHub Advisory).

The vulnerability exists in the Supabase.ts component located at packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237. The flaw allows for arbitrary code execution through the creation of a function from user-provided string supabaseRPCFilter without proper filtering, escaping, or sandboxing mechanisms. The vulnerability has been assigned a CVSS v3.1 score of 9.1 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating high severity across confidentiality, integrity, and availability impacts (GitHub Advisory).

The vulnerability enables full server compromise and severe breach of trust boundaries between frontend input and backend execution logic. Impacts include remote code execution (RCE) with OS-level access, exposure of sensitive environment variables, ability to establish reverse shells, potential for malware installation and persistence, and the risk of LLM prompt tampering. The flaw violates OWASP LLM Top 10 - LLM-06: Sensitive Code Execution guidelines (GitHub Advisory).

Users should immediately upgrade to Flowise version 3.0.6 or later, which contains the patch for this vulnerability. No alternative workarounds have been provided in the advisory (GitHub Advisory).

The vulnerability was discovered and reported by Team 404 Not Found 퇴근 (WhiteHat School 3rd cohort, South Korea). The discovery highlights significant security concerns in low-code/visual LLM agents and their potential impact on AI system security (GitHub Advisory).