A critical vulnerability (CVE-2025-58434, CVSS 9.8) in FlowiseAI’s password reset mechanism exposes all versions before 3.0.5 to account takeover. The flaw in the `/api/v1/account/forgot-password` endpoint discloses sensitive user data, including user IDs, emails, hashed credentials, and valid password reset tokens, directly in the API response, bypassing email verification. Attackers need only a victim’s email (often publicly obtainable) to execute two simple HTTP requests: one to fetch the token and another to reset the password. No authentication or user interaction is required, enabling silent, full account compromise. High-privilege and administrator accounts are equally vulnerable, risking unauthorized AI workflow manipulation, data exfiltration, or malicious automation injection. The absence of a patch (as of discovery) amplifies the risk, with potential consequences ranging from operational disruption to full organizational takeover. Mitigation relies on temporary access restrictions, MFA enforcement, and real-time monitoring of reset activity. The flaw underscores systemic API security gaps, demanding urgent remediation to prevent large-scale exploitation.
Source: https://cyberpress.org/flowiseai-token-flaw/
TPRM report: https://www.rankiteo.com/company/flowiseai
{
  "id": "flo3432334091525",
  "linkid": "flowiseai",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{
  "affected_entities": [
    {
      "customers_affected": "All organizations using FlowiseAI versions before 3.0.5 (cloud-hosted and self-hosted)",
      "industry": "AI Workflow Automation",
      "name": "FlowiseAI",
      "type": "Software Vendor"
    }
  ],
  "attack_vector": [
    "Network-based (API endpoint exploitation)",
    "Unauthenticated Password Reset Token Disclosure"
  ],
  "customer_advisories": [
    "Urgent: Apply mitigations until patch is available",
    "Monitor for unauthorized account activity"
  ],
  "data_breach": {
    "data_exfiltration": "Potential (if attackers gain access to admin accounts)",
    "personally_identifiable_information": "Potential (if user accounts contain PII)",
    "sensitivity_of_data": "High (credentials and tokens enable account takeover)",
    "type_of_data_compromised": [
      "User account information (ID, name, email)",
      "Hashed credentials",
      "Password reset tokens"
    ]
  },
  "description": "A critical security flaw in FlowiseAI’s password reset mechanism (CVE-2025-58434) enables attackers to commandeer user accounts by exploiting an unauthenticated token disclosure in the `/api/v1/account/forgot-password` endpoint. The vulnerability affects all versions before 3.0.5, allowing full account compromise with minimal effort, requiring only the victim’s email address. Attackers can reset passwords silently, bypassing email verification, and gain administrative access to manipulate AI workflows, exfiltrate data, or introduce malicious automation. The issue has a CVSS 3.1 score of 9.8 (Critical) and impacts both cloud-hosted and self-hosted deployments.",
  "impact": {
    "brand_reputation_impact": "High (due to account takeover risks and potential data breaches)",
    "data_compromised": [
      "User IDs",
      "Names",
      "Email addresses",
      "Hashed credentials",
      "Password reset tokens (tempToken)"
    ],
    "identity_theft_risk": "High (if PII or credentials are exposed)",
    "operational_impact": [
      "Potential manipulation of AI workflows",
      "Unauthorized automation tasks",
      "Operational disruption"
    ],
    "systems_affected": [
      "FlowiseAI (cloud-hosted deployments)",
      "FlowiseAI (self-hosted deployments)",
      "AI workflow automation platforms"
    ]
  },
  "initial_access_broker": {
    "entry_point": "/api/v1/account/forgot-password endpoint",
    "high_value_targets": "Administrator and high-privilege accounts"
  },
  "investigation_status": "Ongoing (no official patch released as of disclosure)",
  "lessons_learned": [
    "Importance of rigorous API security and secure coding practices",
    "Need for multi-layered authentication (e.g., MFA) to mitigate credential-based attacks",
    "Criticality of real-time monitoring for anomalous API activity"
  ],
  "post_incident_analysis": {
    "corrective_actions": [
      "Patch the `/api/v1/account/forgot-password` endpoint to prevent token disclosure",
      "Enforce email-based verification for password resets",
      "Implement MFA and API access controls"
    ],
    "root_causes": [
      "Insecure API implementation (direct token disclosure in response)",
      "Lack of email-based verification for password resets",
      "Absence of rate-limiting or anomaly detection for reset requests"
    ]
  },
  "recommendations": [
    "Restrict access to vulnerable API endpoints immediately",
    "Implement MFA for all user accounts, especially administrators",
    "Monitor and audit password reset activity",
    "Upgrade to FlowiseAI version 3.0.5 or later once the patch is released",
    "Review and harden all authentication workflows"
  ],
  "references": [
    {"source": "CVE Details"},
    {"source": "FlowiseAI Security Advisory (hypothetical)"}
  ],
  "response": {
    "containment_measures": [
      "Restrict access to the password reset API via network controls or API gateways",
      "Enforce strict authentication requirements for API access"
    ],
    "enhanced_monitoring": "Real-time monitoring of password reset requests",
    "recovery_measures": [
      "Apply multi-factor authentication (MFA) for all user accounts, especially administrators",
      "Audit logs of password reset and reset-password API calls"
    ],
    "remediation_measures": [
      "Monitor password reset activity in real time",
      "Flag anomalous spikes or tokens issued without email confirmations"
    ]
  },
  "title": "Critical Password Reset Vulnerability in FlowiseAI (CVE-2025-58434)",
  "type": "Vulnerability Exploitation",
  "vulnerability_exploited": "CVE-2025-58434 (Unauthenticated Password Reset Token Disclosure in `/api/v1/account/forgot-password`)"
}