A significant security flaw has been identified in FlowiseAI’s Flowise platform, presenting a critical authentication bypass vulnerability that permits attackers to fully compromise user accounts with minimal effort. This vulnerability, designated as CVE-2025-58434, affects both cloud-based deployments at cloud.flowiseai.com and self-hosted installations, posing a substantial risk to organizations utilizing this AI agent-building platform.
Understanding the Password Reset Token Vulnerability
The core issue lies within the /api/v1/account/forgot-password endpoint. This endpoint improperly returns sensitive authentication tokens in its API responses without adequate verification. When an attacker submits a password reset request, the system responds with comprehensive user details, including the victim’s temporary token (tempToken) and token expiry timestamp. This response effectively circumvents the intended email-based verification process.
Exploiting this vulnerability requires only the target’s email address. An attacker can execute a simple POST request to the vulnerable endpoint using the following curl command:
```
curl -i -X POST https://
```
The server responds with a 201 Created status, exposing the complete user object containing the tempToken necessary for password reset operations.
Once the tempToken is obtained, it can be immediately reused against the /api/v1/account/reset-password endpoint to change the victim’s credentials without any additional verification. This second-stage attack involves another POST request containing the victim’s email, the intercepted tempToken, and the attacker’s chosen password. The server processes this request with a 200 OK response, completing the account takeover process.
Severity and Impact
This vulnerability has been assigned a CVSS 3.1 Base Score of 9.8 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This score indicates that the vulnerability is exploitable over a network without authentication, has low attack complexity, and results in high impact on confidentiality, integrity, and availability. Such a classification underscores the potential for widespread automated exploitation against both cloud and on-premises deployments.
Security researchers Zaddy6 and Arthurgervais reported this vulnerability, highlighting its critical nature and the urgency for remediation.
Risk Factors
– Affected Products: FlowiseAI Flowise versions prior to 3.0.5, Flowise Cloud (cloud.flowiseai.com), and self-hosted/local deployments.
– Impact: Complete Account Takeover (ATO).
– Exploit Prerequisites: Knowledge of the target’s email address and network access to the /api/v1/account/forgot-password endpoint; no authentication required.
– CVSS 3.1 Score: 9.8 (Critical).
Mitigation Strategies
To address this critical flaw, FlowiseAI and administrators of self-hosted installations should implement the following measures immediately:
1. Modify API Responses: Ensure that the /api/v1/account/forgot-password endpoint does not disclose the tempToken or any sensitive account details in its HTTP response. Instead, return a generic success message such as `{"message": "If the email exists, you will receive reset instructions."}` regardless of whether the email is registered.
2. Secure Token Delivery: Enforce the delivery of password reset tokens exclusively via the user’s verified email address. The API should generate a one-time tempToken, store it securely server-side, and invalidate it upon first use or after a short expiration period.
3. Implement Validation Checks: Add validation to the /api/v1/account/reset-password endpoint by verifying that the tempToken matches the last generated token for the given email, hasn’t been used, and originates from the same client/IP that requested it. Logging each password reset request along with associated IP addresses and timestamps will aid in detecting anomalous patterns.
4. Conduct Code Reviews: Perform a thorough code review of both cloud and self-hosted deployment branches to confirm that no residual debug endpoints expose sensitive data.
5. Apply Rate Limiting: Implement strict rate limiting on both password reset endpoints to thwart automated enumeration or brute-force attempts.
6. Plan for Patch Release: Develop and release a patch for version 3.0.5 that automates all the above fixes and provides clear upgrade instructions.
Until the patch is available, administrators should consider placing the application behind a Web Application Firewall (WAF) and restricting access to the API endpoints to known networks or authenticated channels only.
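As an added example on the detection side (not code from the article or from Flowise), the following JavaScript reads the kind of per-request log that step 3 above recommends keeping and flags source addresses that hit the forgot-password endpoint for many distinct emails within a short window, the pattern an automated enumeration of this endpoint would leave. The log line format, the sample lines and the thresholds are constructed assumptions.

```javascript
// Added example, not Flowise's code: flag IPs that request password resets for
// many distinct emails in a short window. Log format and thresholds are assumed.

// Constructed sample log: one address cycling through four emails in 13 s,
// one ordinary user retrying once, and an unrelated reset-password request.
const SAMPLE_LOG = [
  "2025-09-10T12:00:01Z ip=203.0.113.7 path=/api/v1/account/forgot-password email=a@example.com",
  "2025-09-10T12:00:02Z ip=198.51.100.4 path=/api/v1/account/forgot-password email=bob@example.com",
  "2025-09-10T12:00:05Z ip=203.0.113.7 path=/api/v1/account/forgot-password email=b@example.com",
  "2025-09-10T12:00:09Z ip=203.0.113.7 path=/api/v1/account/forgot-password email=c@example.com",
  "2025-09-10T12:00:14Z ip=203.0.113.7 path=/api/v1/account/forgot-password email=d@example.com",
  "2025-09-10T12:00:20Z ip=198.51.100.4 path=/api/v1/account/reset-password email=bob@example.com",
  "2025-09-10T12:03:00Z ip=198.51.100.4 path=/api/v1/account/forgot-password email=bob@example.com",
];

// Parse one log line; returns null for lines that do not match the format.
function parseLine(line) {
  const m = /^(\S+) ip=(\S+) path=(\S+) email=(\S+)$/.exec(line);
  if (!m) return null;
  return { ts: Date.parse(m[1]), ip: m[2], path: m[3], email: m[4] };
}

// Sliding-window check per source IP. An IP is reported the first time any
// window of `windowMs` holds at least `maxRequests` forgot-password requests
// or at least `maxDistinctEmails` different target emails.
function findEnumerationSources(
  lines,
  { windowMs = 60000, maxRequests = 5, maxDistinctEmails = 3 } = {}
) {
  const byIp = new Map();
  for (const line of lines) {
    const e = parseLine(line);
    if (!e || e.path !== "/api/v1/account/forgot-password") continue;
    if (!byIp.has(e.ip)) byIp.set(e.ip, []);
    byIp.get(e.ip).push(e);
  }

  const findings = [];
  for (const [ip, events] of byIp) {
    events.sort((a, b) => a.ts - b.ts);
    let start = 0;
    for (let end = 0; end < events.length; end++) {
      while (events[end].ts - events[start].ts > windowMs) start++;
      const window = events.slice(start, end + 1);
      const distinctEmails = new Set(window.map((x) => x.email)).size;
      if (window.length >= maxRequests || distinctEmails >= maxDistinctEmails) {
        findings.push({ ip, requests: window.length, distinctEmails });
        break;
      }
    }
  }
  return findings;
}
```

On the sample above only 203.0.113.7 is reported; the retrying user stays below both thresholds because a single email repeated twice three minutes apart is not enumeration. The same per-IP counting is what a rate limiter on these endpoints (step 5) would enforce at request time rather than after the fact.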
By eliminating direct token exposure and enforcing robust verification and monitoring practices, organizations can mitigate the risk of account takeover and preserve the integrity of user credentials.