GHSA-7944-7c6r-55vv: 
Flowise vulnerability analysis and mitigation

A critical vulnerability (GHSA-7944-7c6r-55vv) was discovered in FlowiseAI version 3.0.5, allowing authenticated admin users to execute arbitrary server-side code through the Supabase RPC Filter component. The vulnerability was disclosed on September 13, 2025, and was patched in version 3.0.6. The issue affects the npm package 'flowise' and received a CVSS score of 9.1 (Critical) (GitHub Advisory).

The vulnerability exists in the Supabase.ts component located at packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237. The component creates a function from user-provided string supabaseRPCFilter without proper filtering, escaping, or sandboxing mechanisms. This allows any injected JavaScript in the string to be compiled and executed immediately when the node is triggered. The vulnerability is classified as CWE-94 (Improper Control of Generation of Code) and has a CVSS v3.1 base score of 9.1, with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (GitHub Advisory).

The vulnerability has severe impacts including: full OS-level code execution from frontend user input, access to sensitive environment variables like JWTREFRESHTOKEN_SECRET, ability to establish reverse shells and gain interactive remote access, potential for malware installation and data exfiltration, and possible LLM prompt tampering. The vulnerability violates OWASP LLM Top 10 - LLM-06: Sensitive Code Execution, particularly concerning in low-code/visual LLM agents (GitHub Advisory).

The vulnerability has been patched in FlowiseAI version 3.0.6. Users are strongly advised to upgrade to this version or later to mitigate the risk (GitHub Release).