A critical vulnerability has been identified in Flowise is a drag products, assigned a severity score of 9.9 out of 10. This flaw allows an unauthenticated attacker to read and write arbitrary files on the server, which could lead to a complete system compromise, data theft, and service disruption. Organizations are urged to apply the recommended security update immediately to mitigate this significant risk.

The vulnerability exists within the WriteFileTool and ReadFileTool components of the Flowise application. These tools lack proper input validation and path sanitization, creating a Path Traversal vulnerability. An attacker can exploit this by crafting a request with specially formatted file paths (e.g., using ../../ sequences) to navigate outside of the intended directory. This allows the attacker to read sensitive files from any location on the server's file system (such as /etc/passwd, configuration files with credentials, or private keys) or write malicious files (such as a web shell) to arbitrary locations, leading to Remote Code Execution (RCE).

This vulnerability is rated as critical severity with a CVSS score of 9.9. Successful exploitation could lead to a full compromise of the underlying server hosting the Flowise application. The potential consequences include a severe data breach of sensitive corporate or customer information, deployment of ransomware, complete operational disruption, and significant reputational damage. An attacker could use the compromised system as a pivot point to launch further attacks against the internal network, escalating the incident's impact across the organization.

Immediate Action: Immediately update all instances of Flowise is a drag Multiple Products to version 3.0.8 or the latest available version, which contains the patch for this vulnerability. After patching, monitor system and application logs for any signs of exploitation attempts that may have occurred prior to the update. Review file systems for any unauthorized or suspicious files, particularly in web-accessible directories.

Proactive Monitoring: Implement enhanced monitoring on affected servers. Specifically, monitor application logs for requests to WriteFileTool and ReadFileTool containing directory traversal patterns (e.g., ../, %2e%2e/). Monitor the file system for the creation of unexpected files (e.g., .jsp, .php, .sh) and monitor for unusual outbound network traffic originating from the Flowise server, which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Use a Web Application Firewall (WAF) with rules designed to detect and block path traversal attempts.
• Run the Flowise application in a sandboxed or containerized environment with strict, minimal file system permissions (read/write access only to necessary directories).
• Restrict network access to the Flowise application interface, allowing connections only from trusted IP addresses.

Public Exploit Available: false

Due to the critical severity (CVSS 9.9) of this vulnerability and the high potential for a complete system compromise, we strongly recommend that organizations prioritize the immediate patching of all affected Flowise is a drag instances. Although this CVE is not currently on the CISA KEV list, its critical nature makes it a prime target for exploitation. If patching cannot be performed immediately, the compensating controls listed above should be implemented as a matter of urgency to mitigate the risk of a breach.