CVE-2025-71333 | Flowise up to 2.2.4 /api/v1/attachments chatflowId file inclusion (GHSA-h42x-xx2q-6v6g)

A vulnerability identified as critical has been detected in Flowise up to 2.2.4. The affected element is an unknown function of the file /api/v1/attachments. Performing a manipulation of the argument chatflowId results in file inclusion.

This vulnerability is identified as CVE-2025-71333. The attack can be initiated remotely. There is not any exploit available.VulDB Recent EntriesRead More