PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)

The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has been found vulnerable to a critical flaw that enables unauthenticated account takeover across both cloud and self-hosted deployments.

The flaw, tracked as CVE-2025-58434 and rated CVSS 9.8, stems from the platform’s password reset mechanism. According to the advisory, “The forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO).”

The vulnerable endpoint, /api/v1/account/forgot-password, accepts only an email address as input. Instead of sending a reset link securely via email, the API responds with highly sensitive account details, including:

  • User ID, name, email, and credential hash
  • Account status and timestamps
  • A valid password reset tempToken and its expiry

The advisory notes, “This tempToken can then be reused immediately in the /api/v1/account/reset-password endpoint to reset the password of the targeted account without any email verification or user interaction.”

Because exploitation only requires knowledge of a victim’s email—often guessable or publicly available—any unauthenticated attacker can take over arbitrary accounts, including administrators.

The advisory provides a working exploit scenario:

  1. Request reset token for victim:

    curl -i -X POST https://<target>/api/v1/account/forgot-password  -H "Content-Type: application/json"  -d '{"user":{"email":"[email protected]"}}'

    Response includes valid tempToken.

  2. Use token to reset password:

    curl -i -X POST https://<target>/api/v1/account/reset-password  -H "Content-Type: application/json"  -d '{ "user":{ "email":"[email protected]", "tempToken":"<redacted-tempToken>", "password":"NewSecurePassword123!" } }'

    Expected Result: 200 OK — the victim’s password is changed, granting full login access

The vulnerability is classified as Authentication Bypass / Insecure Direct Object Exposure with the following consequences:

  • Complete Account Takeover — including high-value administrator accounts
  • Data Exposure & Impersonation — access to sensitive organizational assets
  • No User Interaction Required — making exploitation trivial
  • Affects Both Cloud & Local Deployments — widening the threat surface

As the advisory warns, “High likelihood of exploitation since no prior access or user interaction is required.”

FlowiseAI has not yet released a patch, leaving all versions prior to 3.0.5 vulnerable. Recommended mitigations include:

  • Do not return reset tokens or sensitive details in API responses.
  • Ensure tokens are only delivered via secure email.
  • Respond with generic success messages to prevent user enumeration.
  • Enforce single-use, short-lived tokens tied to request origin.
  • Log and monitor all password reset requests.
  • Implement multi-factor authentication (MFA) for sensitive accounts.

Until patches are available, administrators must apply strict workarounds, restrict exposure of vulnerable endpoints, and closely monitor reset activity.
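For the "closely monitor reset activity" part of that advice, the following is an added example (not from the advisory or the Flowise project) of a small detector run over constructed access-log lines. Two patterns the flaw produces are flagged: a successful reset-password call arriving seconds after the forgot-password call for the same address (no mailbox round trip could be that fast), and one source address requesting resets for many distinct accounts. The log format, the thresholds and the IPs are assumptions for this example.

```javascript
// Added example, not from the advisory: detection over constructed log lines.
// Line format (assumed): "<ISO timestamp> <client ip> POST <path> email=<addr> <status>"
const SAMPLE_LOG = [
  "2025-09-15T10:00:01Z 198.51.100.7 POST /api/v1/account/forgot-password email=alice@example.com 200",
  "2025-09-15T10:04:30Z 198.51.100.7 POST /api/v1/account/reset-password email=alice@example.com 200",
  "2025-09-15T11:00:00Z 203.0.113.9 POST /api/v1/account/forgot-password email=admin@example.com 200",
  "2025-09-15T11:00:02Z 203.0.113.9 POST /api/v1/account/reset-password email=admin@example.com 200",
  "2025-09-15T11:00:05Z 203.0.113.9 POST /api/v1/account/forgot-password email=bob@example.com 200",
  "2025-09-15T11:00:06Z 203.0.113.9 POST /api/v1/account/forgot-password email=carol@example.com 200",
  "2025-09-15T11:00:07Z 203.0.113.9 POST /api/v1/account/forgot-password email=dave@example.com 200",
];

const LINE_RE =
  /^(\S+) (\S+) POST \/api\/v1\/account\/(forgot|reset)-password email=(\S+) (\d{3})$/;

// Parse one line into an event, or null if the line is not a reset-flow request.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return {
    ts: Date.parse(m[1]),
    ip: m[2],
    action: m[3],        // "forgot" or "reset"
    email: m[4],
    status: Number(m[5]),
  };
}

// Return findings for the two patterns described in the lead-in.
// Thresholds are assumed defaults, tune them to the deployment.
function analyzeResetLog(lines, { maxEmailsPerIp = 3, minResetDelayMs = 30000 } = {}) {
  const events = lines.map(parseLine).filter(Boolean);
  const findings = [];

  // Rule 1: a successful reset that follows the forgot request for the same
  // email within less time than an email round trip plausibly takes.
  const lastForgot = new Map(); // email -> forgot event
  for (const e of events) {
    if (e.action === "forgot") {
      lastForgot.set(e.email, e);
    } else if (e.action === "reset" && e.status === 200) {
      const f = lastForgot.get(e.email);
      if (f && e.ts - f.ts < minResetDelayMs) {
        findings.push({ rule: "fast-reset", ip: e.ip, email: e.email, delayMs: e.ts - f.ts });
      }
    }
  }

  // Rule 2: one source address requesting resets for many distinct accounts.
  const emailsPerIp = new Map(); // ip -> Set of emails
  for (const e of events) {
    if (e.action !== "forgot") continue;
    if (!emailsPerIp.has(e.ip)) emailsPerIp.set(e.ip, new Set());
    emailsPerIp.get(e.ip).add(e.email);
  }
  for (const [ip, emails] of emailsPerIp) {
    if (emails.size > maxEmailsPerIp) {
      findings.push({ rule: "enumeration", ip, count: emails.size });
    }
  }
  return findings;
}
```

Run against the constructed sample, the detector reports the reset for `admin@example.com` completed two seconds after the request from `203.0.113.9`, and the same address requesting resets for four different accounts; the four-and-a-half-minute gap in the first pair of lines is left alone. In production the same rules would be fed from the web server or reverse proxy access log in front of the Flowise API.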

As the advisory stresses, “This effectively allows any unauthenticated attacker to take over arbitrary accounts (including admin or privileged accounts) by requesting a reset for their email.”
