A vulnerability identified as critical has been detected in Flowise up to 3.0.9 . The impacted element is an unknown function of the component Account Profile Endpoint . Performing a manipulation results in unverified password change. This vulnerability is known as CVE-2025-71337 . Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.