Critical Flowise RCE Vulnerability (CVE-2025-59528) Actively Exploited in the Wild
A maximum-severity remote code execution (RCE) vulnerability in Flowise, tracked as CVE-2025-59528, is now under active exploitation. The flaw allows attackers to execute arbitrary code on vulnerable systems, potentially leading to full compromise.
The vulnerability stems from unsafe handling of user input in the CustomMCP node, a component used to connect with external Model Context Protocol (MCP) servers. Attackers can inject malicious JavaScript via the mcpServerConfig setting, bypassing validation checks. The issue was first disclosed in September 2024, with warnings that exploitation could enable command execution and unauthorized file system access.
Flowise, an open-source low-code platform for building AI agents and LLM workflows, released a patch in version 3.0.6, with the latest secure version (3.1.1) released two weeks ago. Despite the fix, real-world exploitation has been observed.
Exploitation Evidence & Attack Surface
Security researchers at VulnCheck detected initial exploitation attempts originating from a Starlink IP address. Their analysis identified 12,000–15,000 publicly exposed Flowise instances, though the exact number of vulnerable deployments remains unclear. While current activity appears limited, the broad attack surface increases the risk of wider exploitation as exploit techniques proliferate.
Additional Vulnerabilities Under Attack
CVE-2025-59528 is not the only Flowise flaw being targeted. Two other vulnerabilities, CVE-2025-8943 and CVE-2025-26319, have also been added to VulnCheck’s Known Exploited Vulnerabilities (KEV) catalog, indicating a pattern of attackers leveraging multiple flaws to gain unauthorized access.
Organizations using Flowise are urged to upgrade to the latest patched version to mitigate risks. The incident underscores the growing threat to AI-driven development platforms as attackers increasingly target low-code environments.
Source: https://thecyberexpress.com/flowise-rce-vulnerability-cve-2025-59528/
FlowiseAI cybersecurity rating report: https://www.rankiteo.com/company/flowiseai