CVE-2025-71324 | Flowise up to 3.0.5 /api/v1/get-upload-file streamStorageFile chatId file inclusion (GHSA-99pg-hqvx-r4gf)

A vulnerability labeled as problematic has been found in Flowise up to 3.0.5. This issue affects the function streamStorageFile of the file /api/v1/get-upload-file. Such manipulation of the argument chatId leads to file inclusion.

This vulnerability is listed as CVE-2025-71324. The attack may be performed from remote. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More