Share
## https://sploitus.com/exploit?id=09F12617-22FD-5577-ACF9-508C31663CCB
Overview
This repository combines two critical vulnerabilities in Flowise into a single, modular PoC tool.

CVE-2025-58434	CVE-2025-59528
Type	Account Takeover	Remote Code Execution
Auth Required	None	Yes (any valid account)
CVSS	9.8 Critical	Critical
Affected	Cloud + Self-hosted	Self-hosted
The two vulnerabilities chain naturally: CVE-2025-58434 provides unauthenticated account takeover, which satisfies the authentication requirement for CVE-2025-59528 โ€” achieving unauthenticated RCE in a single automated run.

Vulnerability Details
CVE-2025-58434 โ€” Account Takeover
Root Cause: The forgot-password endpoint returns the password reset token (tempToken) directly in the HTTP response body instead of sending it only via email.

Attack Steps:

POST /api/v1/account/forgot-password with any registered email
Read tempToken from the JSON response โ€” no email access needed
POST /api/v1/account/reset-password with the leaked token โ†’ set a new password
Log in as the victim