CVE-2025-29192 HIGH

CVE-2025-29192

Vendor Flowiseai

Product Flowise

Weakness CWE-79 · XSS

Published October 6, 2025

Last update October 6, 2025

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.

Key dates

02Disclosure timeline

October 6, 2025 CVE published

October 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-29192 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-22500 WordPress Alpha Price Table For Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-25131 WordPress RJ Quickcharts plugin <= 0.6.1 - Cross Site Scripting (XSS) vulnerability CVE-2023-48504 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-45819 Cross-site Scripting vulnerability in TinyMCE notificationManager.open API CVE-2025-47488 WordPress Bold Page Builder plugin <= 5.3.2 - Cross Site Scripting (XSS) Vulnerability