Overview
CVE-2025-58434 is a serious vulnerability in the `forgot-password` endpoint of Flowise, a drag & drop user interface for building customized large language model flows. In versions 3.0.5 and earlier, this endpoint returns sensitive information, including a valid password reset `tempToken`, to a caller who has supplied no authentication or verification of any kind. An attacker can therefore obtain a reset token for any user, reset that user’s password and take over the account. The issue is especially significant given Flowise’s widespread use both as a cloud service (`cloud.flowiseai.com`) and in self-hosted/local deployments.
Vulnerability Summary
CVE ID: CVE-2025-58434
Severity: Critical (9.8)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage
Affected Products
Product | Affected Versions
Flowise Cloud Service | ≤ 3.0.5
Flowise Self-Hosted/Local Deployments | ≤ 3.0.5
How the Exploit Works
The exploit takes advantage of the `forgot-password` endpoint in Flowise. As the endpoint doesn’t require any form of authentication or verification, an attacker simply has to send a password reset request for any arbitrary user. The system then returns a valid `tempToken` in the API response, which the attacker can use to reset the password of the targeted user, leading to a complete account takeover.
Conceptual Example Code
Here’s a conceptual example of how this vulnerability might be exploited, using a simple HTTP POST request:
POST /api/forgot-password HTTP/1.1
Host: cloud.flowiseai.com
Content-Type: application/json

{
  "username": "targeted.user@example.com"
}
In the above example, the attacker sends a password reset request for the targeted user’s account. The server responds with a `tempToken`, which can then be used to reset the user’s password, potentially leading to unauthorized access and a complete account takeover. The actual returned `tempToken` will vary, and the attacker would use it in a subsequent request to reset the password.
