AVID-2026-R1677

Description

Vulnerability CVE-2025-29189

Details

Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.

Reason for inclusion in AVID: CVE-2025-29189 describes a SQL injection in Flowise <= 2.2.3 via a tableName parameter used with Postgres_VectorStores. Flowise is an AI workflow/tool used in building AI pipelines and vector stores; the vulnerability affects software components commonly used in AI systems and their deployment. It’s a CVE with explicit vulnerability behavior (SQL injection) in a software supply-chain context. The report references an NVD entry/security advisory, providing sufficient signal.

References

• NVD entry
• https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing

Affected or Relevant Artifacts

• Developer: n/a
• Deployer: n/a
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2025-04-09
• Version: 0.3.3
• AVID Entry