Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-xr12-v6pr-xqdr
Vulnerability ID VCID-xr12-v6pr-xqdr
Aliases CVE-2025-29189
GHSA-gjx9-wg9x-7gvp
Summary Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2025-29189
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2025-29189
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2025-29189
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2025-29189
cvssv3.1 7.6 https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing
generic_textual HIGH https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing
ssvc Track https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-gjx9-wg9x-7gvp
cvssv3.1 7.6 https://github.com/FlowiseAI/Flowise
generic_textual HIGH https://github.com/FlowiseAI/Flowise
cvssv3.1 7.6 https://github.com/FlowiseAI/Flowise/commit/9a417bdc95f58d6dd92cbf60dad42414aba34754
generic_textual HIGH https://github.com/FlowiseAI/Flowise/commit/9a417bdc95f58d6dd92cbf60dad42414aba34754
cvssv3.1 7.6 https://github.com/FlowiseAI/Flowise/pull/3818
generic_textual HIGH https://github.com/FlowiseAI/Flowise/pull/3818
cvssv3.1 7.6 https://nvd.nist.gov/vuln/detail/CVE-2025-29189
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2025-29189
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2025-29189
https://github.com/FlowiseAI/Flowise/commit/9a417bdc95f58d6dd92cbf60dad42414aba34754
https://github.com/FlowiseAI/Flowise/pull/3818
https://nvd.nist.gov/vuln/detail/CVE-2025-29189
GHSA-gjx9-wg9x-7gvp https://github.com/advisories/GHSA-gjx9-wg9x-7gvp
view?usp=sharing https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L Found at https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:42:16Z/ Found at https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/FlowiseAI/Flowise
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/FlowiseAI/Flowise/commit/9a417bdc95f58d6dd92cbf60dad42414aba34754
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/FlowiseAI/Flowise/pull/3818
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2025-29189
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.39849
EPSS Score 0.00183
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:07:45.951019+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/29xxx/CVE-2025-29189.json 38.6.0