A vulnerability identified as critical has been detected in Flowise up to 2.2.4 . The affected element is an unknown function of the file /api/v1/attachments . Performing a manipulation of the argument chatflowId results in file inclusion. This vulnerability is identified as CVE-2025-71333 . The attack can be initiated remotely. There is not any exploit available.