A major vulnerability has been identified in FlowiseAI, an open-source tool for automating AI workflows. This flaw, tracked as CVE-2025-58434, puts users at risk of complete account compromise. It affects both the cloud-hosted version and self-hosted deployments that expose specific API endpoints.
Details of the Vulnerability
The issue stems from the password reset feature, particularly the /api/v1/account/forgot-password endpoint. Classified as an Unauthenticated Password Reset Token Disclosure, the flaw has been assigned a CVSS v3.1 score of 9.8, which is considered critical. The associated vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Security researcher HenryHengZJ disclosed the vulnerability, which has been published under advisory GHSA-wgpv-6j63-x5ph. All FlowiseAI versions below 3.0.5 are affected, and no official patch has been released at this time.
How the Exploit Works
When a user requests a password reset, the API responds with a JSON payload that includes sensitive account details. This response contains the user’s ID, name, email address, hashed credentials, account status, and most importantly, a valid password reset token (tempToken) along with its expiration time.
An attacker can exploit this flaw by submitting a password reset request using any known or guessable email address. The API then returns a valid reset token, which can be used to change the password through the /api/v1/account/reset-password endpoint. This process requires no prior authentication or user interaction.
Proof-of-Concept Demonstration
The exploitation steps are straightforward:
- Submit a password reset request using the victim’s email.
- Receive a response containing the reset token.
- Use the token to reset the password and gain access.
This vulnerability allows attackers to bypass authentication entirely and exposes all accounts, including those with administrative privileges.
Affected Versions
The flaw impacts:
- The cloud-hosted version at cloud.flowiseai.com
- Any self-hosted deployment running a version below 3.0.5 with exposed API endpoints
Because the only requirement for exploitation is knowledge of a user’s email address, the risk level is extremely high.
Recommended Mitigation Steps
Organizations using FlowiseAI should act immediately to reduce exposure. Suggested actions include:
- Restricting public access to the /api/v1/account/forgot-password endpoint until a fix is available
- Avoiding direct return of reset tokens or account data through APIs
- Delivering reset tokens securely via email after proper validation
- Using generic responses to prevent user enumeration
- Implementing strong token validation with short expiration, origin tracking, and one-time use
- Monitoring logs for unusual or excessive password reset activity
- Enforcing multi-factor authentication for accounts with elevated privileges
As of the latest update, FlowiseAI maintainers have not released a patch. Organizations running affected versions should apply compensating controls to prevent account takeover incidents.