## https://sploitus.com/exploit?id=09F12617-22FD-5577-ACF9-508C31663CCB
Overview
This repository combines two critical vulnerabilities in Flowise into a single, modular PoC tool.
CVE-2025-58434 CVE-2025-59528
Type Account Takeover Remote Code Execution
Auth Required None Yes (any valid account)
CVSS 9.8 Critical Critical
Affected Cloud + Self-hosted Self-hosted
The two vulnerabilities chain naturally: CVE-2025-58434 provides unauthenticated account takeover, which satisfies the authentication requirement for CVE-2025-59528 โ achieving unauthenticated RCE in a single automated run.
Vulnerability Details
CVE-2025-58434 โ Account Takeover
Root Cause: The forgot-password endpoint returns the password reset token (tempToken) directly in the HTTP response body instead of sending it only via email.
Attack Steps:
POST /api/v1/account/forgot-password with any registered email
Read tempToken from the JSON response โ no email access needed
POST /api/v1/account/reset-password with the leaked token โ set a new password
Log in as the victim