CVE-2025-8943

Severity: Critical · Exploited in the wild · Nuclei template available

Flowise < 3.0.1 - Unauthenticated Remote Code Execution via Custom MCPs Feature

Title source: llm

Exploitation Summary

CVE-2025-8943 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks one public exploit: a Metasploit module, exploits/multi/http/flowise_custommcp_rce, authored by Assaf Levkovich. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits a remote code execution vulnerability in Flowise via the customMCP endpoint, allowing arbitrary command execution through the StdioClientTransport mechanism. It supports both authenticated and unauthenticated exploitation depending on Flowise configuration.

Description

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands.

Exploits (1)

Metasploit module · Working PoC · Quality: Excellent
by Assaf Levkovich · tags: ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_custommcp_rce.rb


Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Flowise versions >= 2.2.7-patch.1 and < 3.0.1
Authentication: none required
Prerequisites: Network access to the Flowise API (port 3000 by default) · Flowise version within the vulnerable range
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Flowise < 3.0.1 - Remote Command Execution
Critical · Verified · by zezezez
Shodan: http.title:"Flowise"

Scores

CVSS v3: 9.8
EPSS: 0.8647
EPSS Percentile: 99.4%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

VulnCheck KEV: 2025-11-27
CWE: CWE-862, CWE-306
Status: published
Products (2):
- flowiseai/flowise < 3.0.1
- npm/flowise 0npm
Published: Aug 14, 2025
Tracked Since: Feb 18, 2026