GHSA-j44m-5v8f-gc9c: 
JavaScript vulnerability analysis and mitigation

Flowise, a drag & drop user interface for building customized large language model flows, was found to contain a critical security vulnerability in versions prior to 3.0.8. The vulnerability affects both ReadFileTool and WriteFileTool components, which fail to restrict file path access, allowing authenticated attackers to read and write arbitrary files to any path in the file system (GitHub Advisory). The vulnerability was discovered by XlabAI Team of Tencent Xuanwu Lab and was assigned CVE-2025-61913 (NVD).

The vulnerability stems from the implementation in packages/components/nodes/tools/ReadFile/ReadFile.ts and WriteFile/WriteFile.ts, where the tools directly use the file_path parameter without verifying whether the path belongs to Flowise's working directory. The vulnerability has been assigned a CVSS v3.1 base score of 9.9 CRITICAL with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating high severity across confidentiality, integrity, and availability impacts (GitHub Advisory).

The vulnerability allows authenticated attackers to read sensitive files such as /root/.flowise/encryption.key, /root/.flowise/database.sqlite, and system files like /etc/passwd, /etc/shadow, and /root/.ssh/idrsa. Additionally, attackers can write arbitrary files to any path on the server, potentially leading to remote command execution through various methods such as writing to ~/.ssh/authorizedkeys or overwriting system files (GitHub Advisory).

The vulnerability has been fixed in Flowise version 3.0.8. Users are strongly advised to upgrade to this version, which implements proper file path access restrictions and security boundaries. The fix includes enhanced file handling tools with security features such as workspace boundaries, maximum file size limits, and allowed extension restrictions (Flowise Release).