Remote Code Execution Vulnerability in Flowise by FlowiseAI
CVE-2025-59528
What is CVE-2025-59528?
Flowise, a user-friendly platform for building customized large language model flows, has a significant vulnerability in version 3.0.5 that allows remote code execution. The flaw lies in the CustomMCP node, where user input is inadequately sanitized: the mcpServerConfig string is parsed and evaluated directly as JavaScript through the Function() constructor, with no security checks. An attacker can therefore execute arbitrary JavaScript with the full privileges of the Flowise process, reaching sensitive and potentially dangerous system resources such as child processes and the file system. Users are urged to upgrade to version 3.0.6, which includes a patch that remediates this vulnerability.
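The following is an added illustration, not Flowise's own code, of the pattern the advisory describes and of the fix a maintainer would apply: a configuration string handed to the Function() constructor is compiled and run as a program, whereas JSON.parse followed by schema validation treats the same string strictly as data. The function names (parseConfigUnsafe, parseConfigSafe), the ALLOWED_KEYS allowlist and the config key names are assumptions made for the example; the sample inputs are constructed, and the "code in config" sample only sets a harmless marker so that the difference in behaviour is observable.

```javascript
// Added illustration (not Flowise code). Contrasts evaluating mcpServerConfig with the
// Function() constructor against parsing it strictly as JSON and validating its shape.
// Key names and function names are assumptions for this example.

// Vulnerable pattern: the configuration string is compiled and executed as JavaScript,
// so any expression embedded in it runs with the server process's privileges.
function parseConfigUnsafe(mcpServerConfig) {
  return new Function(`return (${mcpServerConfig});`)();
}

// Hardened replacement: JSON.parse cannot execute code; the result is then checked
// against an allowlist of keys and value types before anything downstream uses it.
const ALLOWED_KEYS = new Set(["command", "args", "env", "url"]);

function parseConfigSafe(mcpServerConfig) {
  let parsed;
  try {
    parsed = JSON.parse(mcpServerConfig);
  } catch {
    throw new Error("mcpServerConfig must be valid JSON");
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    throw new Error("mcpServerConfig must be a JSON object");
  }
  for (const key of Object.keys(parsed)) {
    if (!ALLOWED_KEYS.has(key)) throw new Error(`unexpected key: ${key}`);
  }
  if ("command" in parsed && typeof parsed.command !== "string") {
    throw new Error("command must be a string");
  }
  if ("url" in parsed && typeof parsed.url !== "string") {
    throw new Error("url must be a string");
  }
  if ("args" in parsed &&
      !(Array.isArray(parsed.args) && parsed.args.every((a) => typeof a === "string"))) {
    throw new Error("args must be an array of strings");
  }
  if ("env" in parsed &&
      (parsed.env === null || typeof parsed.env !== "object" || Array.isArray(parsed.env) ||
       !Object.values(parsed.env).every((v) => typeof v === "string"))) {
    throw new Error("env must be an object of string values");
  }
  return parsed;
}

// Constructed sample inputs. The second is valid JavaScript but not JSON: the Function()
// path evaluates the embedded arrow function, while the JSON path rejects it outright.
const BENIGN_JSON = '{"command": "npx", "args": ["-y", "some-mcp-server"]}';
const CODE_IN_CONFIG = '{"command": "npx", "note": (() => "code ran")()}';

// Reports what a parser does with an input without letting exceptions escape.
function outcome(parser, input) {
  try {
    return { ok: true, value: parser(input) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

console.log(outcome(parseConfigUnsafe, CODE_IN_CONFIG)); // embedded expression was executed
console.log(outcome(parseConfigSafe, CODE_IN_CONFIG));   // rejected: not valid JSON
console.log(outcome(parseConfigSafe, BENIGN_JSON));      // accepted as plain data
```

The defensive point is that the fix is not a blocklist of dangerous identifiers inside the string but a change of parser: once the string is only ever read as JSON and the resulting object is validated against the fields the node actually needs, there is no code path in which user-supplied text is compiled.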
Affected Version(s)
Flowise = 3.0.5
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
- Max severity Flowise RCE vulnerability now exploited in attacks: Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. (2 weeks ago)
- Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed: CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise. (2 weeks ago)
EPSS Score
83% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by The Hacker News
- Vulnerability published
- Vulnerability reserved
