Home

Description

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.

PUBLISHED Reserved 2025-08-17 | Published 2025-10-17 | Updated 2025-10-17 | Assigner mitre

References

github.com/FlowiseAI/Flowise

github.com/...onents/nodes/vectorstores/Supabase/Supabase.ts

github.com/...lowise/security/advisories/GHSA-7944-7c6r-55vv

cve.org (CVE-2025-57164)

nvd.nist.gov (CVE-2025-57164)

Download JSON