CVE-2025-34267
Published: 14 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-34267 is an authenticated remote code execution vulnerability combined with a Node VM sandbox escape in Flowise, affecting versions from v3.0.1 up to but not including 3.0.8, as well as all subsequent versions where the 'ALLOW_BUILTIN_DEP' configuration option is enabled. The issue stems from insecure usage of the integrated Puppeteer and Playwright modules within the NodeVM execution environment. These modules accept attacker-controlled browser binary paths and launch parameters, which escape the intended sandbox restrictions when a tool that uses them is executed.
An authenticated attacker with the ability to create or run a tool that uses Puppeteer or Playwright can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation results in arbitrary code execution on the host system in the context of the Flowise process, with high confidentiality, integrity, and availability impact, as reflected in the CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The vulnerability is classified under CWE-77 (Command Injection).
Mitigation details are available in the official Flowise security advisory (GHSA-5w3r-f6gm-c25w) and a related pull request (#5231) on the Flowise GitHub repository, along with analysis from VulnCheck. Note that developers initially misidentified this as a duplicate of CVE-2025-26319, but it is distinct. Security practitioners should review these resources for patching instructions and disable 'ALLOW_BUILTIN_DEP' where possible. FlowiseAI is a low-code platform for building LLM applications, making this relevant to AI/ML deployments.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The authenticated RCE in the public-facing Flowise web application directly enables exploitation of a public-facing application for remote code execution.