Flowise: Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed

Critical Flowise AI Platform Vulnerability Exploited in the Wild (CVE-2025-59528)

A severe code injection vulnerability in Flowise, a widely used open-source AI development platform, is actively being exploited by attackers. Tracked as CVE-2025-59528 with a CVSS score of 10.0, the flaw allows remote attackers to execute arbitrary code and gain full control of affected servers.

The vulnerability stems from improper handling of external server configurations in Flowise’s CustomMCP (Model Context Protocol) node. When processing user-provided input, the platform evaluates the data as unfiltered JavaScript code via Node.js’s Function() constructor, enabling attackers to inject malicious commands. Exploitation requires only a single crafted request to a vulnerable API endpoint, granting attackers access to system modules, file operations, and command execution.
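The root cause described above is that a configuration string is evaluated rather than parsed. The following added example (not Flowise's code; field names such as `command`, `args`, `env` and `url` are assumptions modelled on a typical MCP server config, not Flowise's actual schema) puts that pattern beside a hardened, JSON-only parser with an allowlist check, and shows on constructed input why one runs code while the other rejects it.

```javascript
// Added example, not Flowise's code. Contrasts the evaluating parser the advisory
// describes with a hardened JSON-only variant. Field names are assumptions.

// Vulnerable pattern: treats the config string as JavaScript and runs it.
// Anything a JS expression can do, this function does on the server.
function parseMcpConfigUnsafe(text) {
  return new Function('return (' + text + ')')();
}

const ALLOWED_KEYS = new Set(['command', 'args', 'env', 'url']);

// Hardened variant: strict JSON parsing (never evaluates code), then an
// allowlist check on shape and types so unexpected keys/values are rejected.
function parseMcpConfigSafe(text) {
  let cfg;
  try {
    cfg = JSON.parse(text);
  } catch (e) {
    throw new Error('config must be valid JSON: ' + e.message);
  }
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) {
    throw new Error('config must be a JSON object');
  }
  for (const key of Object.keys(cfg)) {
    if (!ALLOWED_KEYS.has(key)) throw new Error('unexpected key: ' + key);
  }
  if (typeof cfg.command !== 'string' && typeof cfg.url !== 'string') {
    throw new Error('config needs a string "command" or "url"');
  }
  if (cfg.args !== undefined &&
      !(Array.isArray(cfg.args) && cfg.args.every((a) => typeof a === 'string'))) {
    throw new Error('"args" must be an array of strings');
  }
  if (cfg.env !== undefined &&
      !(cfg.env && typeof cfg.env === 'object' && !Array.isArray(cfg.env) &&
        Object.values(cfg.env).every((v) => typeof v === 'string'))) {
    throw new Error('"env" must be an object of string values');
  }
  return cfg;
}

// Constructed sample inputs.
const BENIGN_JSON = '{"command": "npx", "args": ["-y", "some-mcp-server"]}';
// Not JSON: unquoted key plus a method call. A parser that evaluates this
// as JavaScript runs the call (note the result); a JSON parser rejects it.
const CODE_NOT_JSON = '{ command: "npx".toUpperCase(), args: [] }';

function tryParse(fn, text) {
  try { return { ok: true, value: fn(text) }; }
  catch (e) { return { ok: false, error: e.message }; }
}
```

On `CODE_NOT_JSON` the evaluating parser returns `command: "NPX"`, proof that the input was executed, while the hardened parser throws before any value is produced.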

Security firm VulnCheck detected the first live attacks, originating from a Starlink IP address. Successful exploitation can lead to full system compromise, unauthorized file access, data exfiltration, and silent execution of system-level commands. Approximately 15,000 Flowise instances remain exposed on the public internet, heightening the risk for organizations using the platform.

This is not the first time Flowise has been targeted: previous vulnerabilities (CVE-2025-8943 and CVE-2025-26319) were also exploited in recent months. The flaw affects Flowise versions 3.0.5 and earlier, and a patch was released in version 3.0.6. Security teams are urged to upgrade immediately to mitigate the threat.

Source: https://gbhackers.com/attackers-exploit-flowise-injection-vulnerability/

FlowiseAI cybersecurity rating report: https://www.rankiteo.com/company/flowiseai
