CVE-2025-8943
Flowise · Flowise
The Custom MCPs feature in Flowise contains an authentication and authorization flaw that allows for the unauthorized execution of arbitrary OS commands.
Executive summary
A critical authentication and authorization flaw in the Flowise Custom MCPs feature allows unauthenticated attackers to execute arbitrary OS commands, posing a severe risk of system compromise.
Vulnerability
The vulnerability exists within the Custom MCPs feature, which is designed to execute OS commands via tools like npx. Due to insufficient authentication and authorization controls, an unauthenticated attacker can trigger these commands, leading to remote code execution.
Business impact
The ability for an unauthenticated attacker to execute arbitrary OS commands represents a critical risk to the confidentiality, integrity, and availability of the host environment. With a CVSS score of 9.8, this vulnerability could allow full system compromise, data exfiltration, or the deployment of persistent malware, resulting in significant operational downtime and reputational damage.
Remediation
Immediate Action: Identify all Flowise instances and update them to the latest security release provided by the vendor, which corrects the authorization logic in the Custom MCPs feature.
Proactive Monitoring: Review system and application logs for unusual command execution patterns or the spawning of unexpected child processes from the Flowise service.
Compensating Controls: Restrict network access to the Flowise interface using a firewall or VPN to ensure that the management interface is not exposed to untrusted networks.
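As an added example for the monitoring item above (not code from the advisory or from the Flowise project), the script below walks process-creation events and flags shells, package runners, and download utilities whose ancestry leads back to the Flowise service. It assumes that Flowise runs as a Node.js process whose command line contains "flowise", and it reads a constructed one-record-per-line JSON format with pid, ppid, exe and cmdline fields; real auditd or EDR telemetry would need a different parser, and production use should key processes by pid plus start time to survive pid reuse.

```python
"""Flag unexpected child processes spawned beneath a Flowise service.

Added example, not part of the advisory or the Flowise code base. The event
format, the sample events and the path /opt/flowise are all constructed for
illustration.
"""
import json
import os

# Assumption: the Flowise server is a Node.js process identifiable by "flowise"
# somewhere in its command line.
FLOWISE_MARKER = "flowise"

# Binaries a web application server should rarely spawn. The advisory names
# npx as the execution path, so package runners and shells come first; the
# list is illustrative, tune it to your environment.
SUSPICIOUS_CHILDREN = {
    "sh", "bash", "dash", "zsh", "npx", "npm", "python", "python3",
    "perl", "curl", "wget", "nc",
}

# Constructed sample events (not real logs). One JSON record per line.
SAMPLE_EVENTS = [
    '{"ts":"2025-09-01T10:00:01Z","pid":4100,"ppid":1,"exe":"node","cmdline":"node /opt/flowise/packages/server/bin/run start"}',
    '{"ts":"2025-09-01T10:00:05Z","pid":4120,"ppid":4100,"exe":"node","cmdline":"node /opt/flowise/worker.js"}',
    '{"ts":"2025-09-01T10:02:17Z","pid":4131,"ppid":4100,"exe":"npx","cmdline":"npx -y example-mcp-server"}',
    '{"ts":"2025-09-01T10:02:18Z","pid":4135,"ppid":4131,"exe":"sh","cmdline":"sh -c ls"}',
    '{"ts":"2025-09-01T10:03:00Z","pid":900,"ppid":1,"exe":"sshd","cmdline":"sshd: admin [priv]"}',
    '{"ts":"2025-09-01T10:03:01Z","pid":950,"ppid":900,"exe":"bash","cmdline":"-bash"}',
]


def parse_events(lines):
    """Parse JSON process-creation records, skipping blank or malformed lines."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if {"pid", "ppid", "exe", "cmdline"} <= rec.keys():
            events.append(rec)
    return events


def is_flowise(event):
    """True if the event looks like the Flowise server process itself."""
    return FLOWISE_MARKER in event["cmdline"].lower()


def ancestry(pid, by_pid):
    """Return the chain of known events from pid up through its parents.

    Stops at the first unknown parent or on a cycle (defensive against bad data).
    """
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        ev = by_pid[pid]
        chain.append(ev)
        pid = ev["ppid"]
    return chain


def find_unexpected_children(events):
    """Return alerts for suspicious binaries with Flowise anywhere in their ancestry.

    Checking the whole ancestry (not only the direct parent) catches chains such
    as node -> npx -> sh, where the shell is a grandchild of the service.
    """
    by_pid = {ev["pid"]: ev for ev in events}
    alerts = []
    for ev in events:
        if is_flowise(ev):
            continue  # the service itself is expected
        if os.path.basename(ev["exe"]) not in SUSPICIOUS_CHILDREN:
            continue  # e.g. ordinary node worker processes
        chain = ancestry(ev["pid"], by_pid)
        if any(is_flowise(anc) for anc in chain[1:]):
            alerts.append({
                "pid": ev["pid"],
                "exe": ev["exe"],
                "cmdline": ev["cmdline"],
                "chain": " <- ".join(f"{a['exe']}({a['pid']})" for a in chain),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_unexpected_children(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT pid={alert['pid']} {alert['cmdline']!r} via {alert['chain']}")
```

On the constructed sample this reports the npx launch and the shell it spawned, while the node worker under Flowise and the bash session under sshd are left alone; in practice the same logic applies to EDR process trees, and a hit should be followed by checking which Custom MCP tool definition produced the command.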
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the critical CVSS severity of 9.8, administrators must prioritize the identification and patching of all exposed Flowise instances. Immediate application of the latest vendor-supplied update is required to close the authorization gap and prevent potential remote code execution attacks.