Vulnerabilities | Apr 14, 2026

‼️ CVE-2025-58434 and CVE-2025-59528: Flowise Dual CVE PoC GitHub: https://t.co/dklzVorfjf The...

Flowise dual CVE PoC demonstrates chained unauthenticated account takeover and RCE.

Summary

Two critical vulnerabilities in Flowise (CVE-2025-58434 and CVE-2025-59528) have been publicly disclosed with proof-of-concept code. CVE-2025-58434 enables unauthenticated account takeover, which can then be leveraged to satisfy authentication requirements for CVE-2025-59528, resulting in remote code execution.

Indicators of Compromise

  • cve — CVE-2025-58434
  • cve — CVE-2025-59528

Entities

Flowise (product)