Exploit for Missing Authentication for Critical Function in Flowiseai Flowise CVE-2025-58434

Name: Exploit for Missing Authentication for Critical Function in Flowiseai Flowise CVE-2025-58434
Rating: 5 (123 reviews)

2026-04-15 | CVSS 9.8

## https://sploitus.com/exploit?id=6D08DD28-3E6A-5370-AF92-CA6CC9DAC3D7
# Flowise-CVE-2025-58434-PasswordReset
Unauthenticated password reset exploit for Flowise AI ≤ 3.0.5. Abuses the /api/v1/account/forgot-password endpoint to change any user's password without prior authentication. Includes a proof-of-concept script and mitigation guidelines.