2 matches found
@proompter/demo-next (>=0.0.16 <=0.0.19), @proompter/flowise (>=1.4.13 <=1.4.14) +2 more potentially affected by CVE-2025-8943 via flowise-components (>=1.3.4 <=3.1.2)
flowise-components NPM version =1.3.4, =0.0.16, =1.4.13, =0.0.1, =1.0.0, =3.1.2 Source cves: CVE-2025-8943 Source advisory: SNYK:JS-FLOWISECOMPONENTS-11953677...
CVE-2025-8943
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...