## https://sploitus.com/exploit?id=666AC195-D335-5E36-88D9-C20B906EE79F
# Flowise Password Reset Account Takeover (ATO)
## Usage
```
usage: CVE-2025-58434-PasswordResetNew.py [-h] -u URL -e EMAIL -p PASSWORD

Flowise Password Reset Exploit (ATO)

options:
  -h, --help            show this help message and exit
  -u, --url URL         Base URL of the Flowise instance (e.g. http://target.com)
  -e, --email EMAIL     Target user's email address
  -p, --password PASSWORD
                        New password to set

Example: python exploit.py -u http://target.com -e victim@email.com -p NewPass123!
```
## Summary
A critical vulnerability in Flowise allows unauthenticated attackers to fully take over user accounts via the password reset functionality.
The `/api/v1/account/forgot-password` endpoint improperly returns a valid password reset token (`tempToken`) along with sensitive user data. This token can be immediately reused to reset the account password without any verification.
---
## Affected versions
CVE-2025-58434 is a critical authentication/authorization vulnerability affecting Flowise (Cloud and self-hosted) versions 3.0.5 and earlier.
## Severity
**CVSS v3.1:** 9.8 (Critical)

**Vector:** `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
---
## Vulnerability Details
The forgot-password endpoint:

* Accepts an email address
* Returns sensitive user data in the response
* Includes a valid `tempToken` intended for password reset

Because the token is exposed directly:

* No email access is required
* No user interaction is required
* No authentication is required
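
The flaw described above, as an added example for defenders that is not code from this repository or from Flowise: a simplified forgot-password handler that returns the token in the response, next to a hardened form and a response check usable in regression tests. Handler names, the user-record shape, the status codes, the mailer interface and the token lifetime are assumptions.

```javascript
// Added example, not Flowise source: handler names, record shape and the
// mailer interface are assumptions. All sample data is constructed.
const { randomBytes } = require("node:crypto");

const users = new Map([["alice@example.test",
  { id: "u-1", email: "alice@example.test", name: "Alice", tempToken: null, tokenExpiry: null }]]);

// "Before": models the described flaw. The freshly minted reset token and
// the user record are serialized straight into the HTTP response body.
function forgotPasswordLeaky(email) {
  const user = users.get(email);
  if (!user) return { status: 404, body: { error: "not found" } }; // assumed
  user.tempToken = randomBytes(32).toString("hex");
  return { status: 200, body: { user: { ...user } } };
}

// "After": the token leaves the server only through the mailbox, and the
// response is identical whether or not the address is registered.
const GENERIC = { message: "If the account exists, a reset link has been sent." };
function forgotPasswordHardened(email, mailer) {
  const user = users.get(email);
  if (user) {
    user.tempToken = randomBytes(32).toString("hex");
    user.tokenExpiry = Date.now() + 15 * 60 * 1000; // assumed 15-minute lifetime
    mailer.send(user.email, user.tempToken);
  }
  return { status: 200, body: GENERIC };
}

// Regression check for tests or a response-inspection proxy: walk a JSON
// body and list every path whose key names a secret. `tempToken` is the field
// named in the advisory; the other key names are assumptions.
const SECRET_KEYS = /^(tempToken|tokenExpiry|password|credential)$/i;
function findLeakedKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  return Object.entries(value).flatMap(([key, child]) => {
    const here = path ? `${path}.${key}` : key;
    return (SECRET_KEYS.test(key) ? [here] : []).concat(findLeakedKeys(child, here));
  });
}

// Demo run with a stub mailer that records what would be e-mailed.
const demoMailer = { sent: [], send(to, token) { this.sent.push({ to, token }); } };
console.log(findLeakedKeys(forgotPasswordLeaky("alice@example.test").body));
console.log(findLeakedKeys(forgotPasswordHardened("alice@example.test", demoMailer).body));
```

Running `findLeakedKeys` over recorded responses from `/api/v1/account/forgot-password` in CI catches a regression of this class even if the handler is later refactored.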