exploitDog

CVE-2025-57164

Опубликовано: 17 окт. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.

Ссылки

https://github.com/FlowiseAI/Flowise
Product
https://github.com/FlowiseAI/Flowise/blob/main/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237
Product
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7944-7c6r-55vv
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flowiseai:flowise:3.0.5:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00161

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-7944-7c6r-55vv

CVSS3: 9.1

github

5 месяцев назад

FlowiseAI Pre-Auth Arbitrary Code Execution

EPSS

Процентиль: 37%

0.00161

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-77