A severe security vulnerability has been discovered in FlowiseAI, an open-source AI workflow automation tool, exposing users to the risk of complete account compromise. Tracked as CVE-2025-58434, this vulnerability affects both the cloud-hosted version of FlowiseAI and self-hosted deployments that expose the relevant API endpoints.
The FlowiseAI vulnerability centers on the application’s password reset functionality, specifically the /api/v1/account/forgot-password endpoint. The flaw is categorized as Unauthenticated Password Reset Token Disclosure, carrying a CVSS v3.1 score of 9.8, which qualifies as critical. The vector string assigned to the vulnerability is: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Disclosed by security researcher HenryHengZJ and published as GHSA-wgpv-6j63-x5ph, this issue affects all FlowiseAI versions below 3.0.5, and as of now, no official patch has been released.
CVE-2025-58434: FlowiseAI Password Reset Flaw
The crux of the vulnerability lies in how FlowiseAI handles password reset requests. When a user initiates a password reset, instead of securely sending a reset token via email (as per standard best practices), the API directly returns a JSON response containing sensitive account information. This includes the user’s ID, name, email address, hashed credentials, account status, and most critically, a valid password reset token (tempToken) along with its expiration timestamp.
This implementation flaw allows unauthenticated attackers to supply any user’s email address, which may be guessable or publicly known, and receive a valid password reset token for that account. Using this token, an attacker can immediately reset the password through another endpoint (/api/v1/account/reset-password) and gain full access to the victim’s account, all without any form of verification or user interaction.
Exploitation Requires Minimal Effort
A proof-of-concept (PoC) shows how simple it is to exploit this vulnerability:
- Submit a password reset request with the victim’s email.
- Receive a response that includes the reset token (tempToken).
- Use the token to change the password and gain access.
This flaw represents a complete authentication bypass and insecure direct object exposure, exposing every account, including those with administrative privileges, to potential compromise.
The vulnerability in FlowiseAI affects:
- The cloud-hosted version at cloud.flowiseai.com
- Any self-hosted deployment running a version below 3.0.5 that exposes the same API endpoints
Because no prior access or user action is required, and the only prerequisite is knowledge of a user’s email address, the risk of exploitation is extremely high.
Security Recommendations
Given the severity of CVE-2025-58434, organizations using FlowiseAI are urged to take immediate mitigation steps, including:
- Disabling public access to the /api/v1/account/forgot-password endpoint until a patch is available.
- Avoid direct return of reset tokens or account information via APIs.
- Ensuring reset tokens are delivered securely through email, and only after validation steps.
- Using generic responses to password reset requests to prevent user enumeration.
- Implementing strong token validation with short expiry, origin tracking, and one-time use.
- Monitoring logs for unusual or high-volume password reset activity.
- Enforcing multi-factor authentication (MFA) for high-privilege accounts.
As of the latest update, no fix or patch is available from FlowiseAI maintainers. Organizations running affected versions must implement compensating controls immediately to avoid account takeover incidents.
