CVE-2025-71328

Source
https://cve.org/CVERecord?id=CVE-2025-71328
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71328.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-71328
Aliases
Published
2026-06-25T21:41:04.185Z
Modified
2026-07-15T01:48:54.662089834Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Flowise - Unverified Password Change via Account Settings
Details

Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings (Security) section without supplying the current password or any additional verification, as the application does not enforce a current-password check on the credential change. This can lead to full account takeover, particularly if an attacker can hijack or coerce an authenticated session.

Database specific
{
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-620"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71328.json"
}
References

Affected packages

Git / github.com/flowiseai/flowise

Affected ranges

Type
GIT
Repo
https://github.com/flowiseai/flowise
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.0.10"
        }
    ]
}

Affected versions

flowise-components@1.*
flowise-components@1.0.0
flowise-components@1.1.0
flowise-components@1.1.1
flowise-components@1.2.1
flowise-components@1.2.10
flowise-components@1.2.12
flowise-components@1.2.14
flowise-components@1.2.15
flowise-components@1.2.16
flowise-components@1.2.17
flowise-components@1.2.2
flowise-components@1.2.3
flowise-components@1.2.4
flowise-components@1.2.5
flowise-components@1.2.6
flowise-components@1.2.7
flowise-components@1.2.8
flowise-components@1.2.9
flowise-components@1.3.0
flowise-components@1.3.1
flowise-components@1.3.10
flowise-components@1.3.11
flowise-components@1.3.2
flowise-components@1.3.3
flowise-components@1.3.4
flowise-components@1.3.5
flowise-components@1.3.7
flowise-components@1.3.8
flowise-components@1.3.9
flowise-components@1.4.0
flowise-components@1.4.1
flowise-components@1.4.2
flowise-components@1.4.6
flowise-components@1.4.7
flowise-components@1.4.8
flowise-components@1.4.9
flowise-components@1.5.0
flowise-components@1.5.1
flowise-components@1.5.2
flowise-components@1.5.3
flowise-components@1.6.0
flowise-components@1.6.1
flowise-components@1.6.2
flowise-components@1.6.3
flowise-components@1.6.4
flowise-components@1.6.5
flowise-components@1.6.6
flowise-components@1.6.7
flowise-components@1.6.8
flowise-components@1.7.0
flowise-components@1.7.1
flowise-components@1.7.2
flowise-components@1.8.0
flowise-components@1.8.1
flowise-components@1.8.3
flowise-components@1.8.4
flowise-components@1.8.6
flowise-components@2.*
flowise-components@2.0.2
flowise-components@2.0.3
flowise-components@2.0.4
flowise-components@2.0.5
flowise-components@2.0.6
flowise-components@2.0.7
flowise-components@2.1.0
flowise-components@2.1.1
flowise-components@2.1.2
flowise-components@2.1.3
flowise-components@2.1.4
flowise-components@2.1.5
flowise-components@2.2.0
flowise-components@2.2.1
flowise-components@2.2.2
flowise-components@2.2.3
flowise-components@2.2.4
flowise-components@2.2.5
flowise-components@2.2.6
flowise-components@2.2.7
flowise-components@2.2.7-patch.1
flowise-components@2.2.8
flowise-components@3.*
flowise-components@3.0.0
flowise-components@3.0.1
flowise-components@3.0.2
flowise-components@3.0.3
flowise-components@3.0.4
flowise-components@3.0.5
flowise-components@3.0.6
flowise-components@3.0.7
flowise-components@3.0.8
flowise-components@3.0.9
flowise-ui@1.*
flowise-ui@1.0.0
flowise-ui@1.1.0
flowise-ui@1.2.0
flowise-ui@1.2.1
flowise-ui@1.2.10
flowise-ui@1.2.12
flowise-ui@1.2.13
flowise-ui@1.2.14
flowise-ui@1.2.15
flowise-ui@1.2.2
flowise-ui@1.2.3
flowise-ui@1.2.4
flowise-ui@1.2.5
flowise-ui@1.2.6
flowise-ui@1.2.7
flowise-ui@1.3.0
flowise-ui@1.3.1
flowise-ui@1.3.2
flowise-ui@1.3.3
flowise-ui@1.3.4
flowise-ui@1.3.5
flowise-ui@1.3.6
flowise-ui@1.3.7
flowise-ui@1.4.0
flowise-ui@1.4.2
flowise-ui@1.4.3
flowise-ui@1.4.4
flowise-ui@1.4.5
flowise-ui@1.4.6
flowise-ui@1.4.7
flowise-ui@1.4.8
flowise-ui@1.4.9
flowise-ui@1.5.0
flowise-ui@1.5.1
flowise-ui@1.6.0
flowise-ui@1.6.1
flowise-ui@1.6.2
flowise-ui@1.6.3
flowise-ui@1.6.4
flowise-ui@1.6.5
flowise-ui@1.6.6
flowise-ui@1.7.0
flowise-ui@1.7.1
flowise-ui@1.7.2
flowise-ui@1.8.0
flowise-ui@1.8.1
flowise-ui@1.8.2
flowise-ui@1.8.3
flowise-ui@1.8.4
flowise-ui@2.*
flowise-ui@2.0.2
flowise-ui@2.0.3
flowise-ui@2.0.4
flowise-ui@2.0.5
flowise-ui@2.0.6
flowise-ui@2.0.7
flowise-ui@2.1.0
flowise-ui@2.1.1
flowise-ui@2.1.2
flowise-ui@2.1.3
flowise-ui@2.1.4
flowise-ui@2.1.5
flowise-ui@2.2.0
flowise-ui@2.2.1
flowise-ui@2.2.2
flowise-ui@2.2.3
flowise-ui@2.2.4
flowise-ui@2.2.5
flowise-ui@2.2.6
flowise-ui@2.2.7
flowise-ui@2.2.7-patch.1
flowise-ui@2.2.8
flowise-ui@3.*
flowise-ui@3.0.0
flowise-ui@3.0.1
flowise-ui@3.0.2
flowise-ui@3.0.3
flowise-ui@3.0.4
flowise-ui@3.0.5
flowise-ui@3.0.6
flowise-ui@3.0.7
flowise-ui@3.0.8
flowise-ui@3.0.9
flowise@1.*
flowise@1.0.0
flowise@1.0.1
flowise@1.1.0
flowise@1.1.1
flowise@1.2.1
flowise@1.2.11
flowise@1.2.13
flowise@1.2.14
flowise@1.2.15
flowise@1.2.16
flowise@1.2.2
flowise@1.2.3
flowise@1.2.4
flowise@1.2.5
flowise@1.2.6
flowise@1.2.7
flowise@1.2.8
flowise@1.2.9
flowise@1.3.0
flowise@1.3.1
flowise@1.3.2
flowise@1.3.3
flowise@1.3.4
flowise@1.3.5
flowise@1.3.6
flowise@1.3.7
flowise@1.3.8
flowise@1.3.9
flowise@1.4.0
flowise@1.4.1
flowise@1.4.10
flowise@1.4.11
flowise@1.4.12
flowise@1.4.2
flowise@1.4.4
flowise@1.4.5
flowise@1.4.6
flowise@1.4.7
flowise@1.4.8
flowise@1.4.9
flowise@1.5.0
flowise@1.5.1
flowise@1.6.0
flowise@1.6.1
flowise@1.6.2
flowise@1.6.3
flowise@1.6.4
flowise@1.6.5
flowise@1.6.6
flowise@1.7.0
flowise@1.7.1
flowise@1.7.2
flowise@1.8.0
flowise@1.8.1
flowise@1.8.2
flowise@1.8.3
flowise@1.8.4
flowise@2.*
flowise@2.0.2
flowise@2.0.3
flowise@2.0.4
flowise@2.0.5
flowise@2.0.6
flowise@2.0.7
flowise@2.1.0
flowise@2.1.1
flowise@2.1.2
flowise@2.1.3
flowise@2.1.4
flowise@2.1.5
flowise@2.2.0
flowise@2.2.1
flowise@2.2.2
flowise@2.2.3
flowise@2.2.4
flowise@2.2.5
flowise@2.2.6
flowise@2.2.6-hotfix.1
flowise@2.2.7
flowise@2.2.7-patch.1
flowise@2.2.8
flowise@3.*
flowise@3.0.0
flowise@3.0.1
flowise@3.0.2
flowise@3.0.3
flowise@3.0.4
flowise@3.0.5
flowise@3.0.6
flowise@3.0.7
flowise@3.0.8
flowise@3.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71328.json"