A critical security flaw in the Flowise platform, tracked as CVE-2025-59528, has been identified and is currently being exploited by attackers. This vulnerability, which has been assigned a maximum CVSS score of 10, allows remote code execution and unauthorized access to the file system. Flowise is a widely used open-source platform for building and managing AI-driven workflows and applications, which makes this flaw particularly concerning for its users.
The vulnerability originates from the improper validation of user-supplied JavaScript within the CustomMCP node of Flowise. Specifically, the mcpServerConfig input is processed insecurely, allowing user input to be executed as JavaScript code with full Node.js privileges. This oversight enables attackers to access sensitive modules such as child_process and fs, leading to potential command execution and file system access. The flaw affects all Flowise versions up to 3.0.5.
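The defensive pattern implied by the description above is to treat the configuration string strictly as data. The following is an added example written for this page, not Flowise's code and not its 3.0.6 fix: a hypothetical parser for an mcpServerConfig string that decodes it only as JSON and validates it against a fixed shape (the field names command, args and env are assumed), so there is no path by which the supplied text is evaluated as JavaScript.

```javascript
// Added example (not Flowise's code): a strict parser for an MCP server
// configuration string. The config is only ever decoded as data (JSON) and
// validated against a fixed shape (command/args/env are assumed field names),
// so there is no path by which the supplied text is evaluated as JavaScript.

const ALLOWED_KEYS = new Set(['command', 'args', 'env']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v) &&
    Object.getPrototypeOf(v) === Object.prototype;
}

// Parse and validate; throws on anything that is not a well-formed config.
function parseMcpServerConfig(raw) {
  if (typeof raw !== 'string' || raw.length > 64 * 1024) {
    throw new Error('config must be a string of bounded size');
  }
  let parsed;
  try {
    parsed = JSON.parse(raw);            // data only, never eval/new Function
  } catch {
    throw new Error('config is not valid JSON');
  }
  if (!isPlainObject(parsed)) throw new Error('config must be a JSON object');
  for (const key of Object.keys(parsed)) {   // also rejects an own "__proto__" key
    if (!ALLOWED_KEYS.has(key)) throw new Error(`unexpected key: ${key}`);
  }
  if (typeof parsed.command !== 'string' || parsed.command.length === 0) {
    throw new Error('command must be a non-empty string');
  }
  const args = parsed.args === undefined ? [] : parsed.args;
  if (!Array.isArray(args) || !args.every((a) => typeof a === 'string')) {
    throw new Error('args must be an array of strings');
  }
  const env = parsed.env === undefined ? {} : parsed.env;
  if (!isPlainObject(env) || !Object.entries(env).every(
      ([k, v]) => typeof v === 'string' && /^[A-Z_][A-Z0-9_]*$/.test(k))) {
    throw new Error('env must map identifier-style names to strings');
  }
  // Return a fresh object so callers never touch the parsed input directly.
  return { command: parsed.command, args: [...args], env: { ...env } };
}

// Convenience predicate for request-validation middleware and tests.
function isAcceptedConfig(raw) {
  try { parseMcpServerConfig(raw); return true; } catch { return false; }
}
```

A config such as `{"command":"npx","args":["-y","demo-server"],"env":{"API_KEY":"x"}}` is accepted, while a JavaScript object literal, an array, an unknown key, or a non-string argument is rejected before anything is spawned.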
The impact of this vulnerability is significant, as it allows attackers to take full control of affected systems, execute arbitrary commands, and potentially steal sensitive data. The exploitation of this flaw requires only an API token, making it a severe risk to business operations and customer data security. VulnCheck has reported that the first exploitation attempts have been traced to a single Starlink IP, with an estimated 12,000 to 15,000 Flowise instances exposed online.
Flowise users are strongly advised to upgrade to version 3.0.6, which was released in September 2025 and addresses this critical flaw. Organizations using Flowise should prioritize this update to mitigate the risk of exploitation and protect their systems from potential compromise.
In addition to updating their systems, users should review their security practices and ensure that API tokens are managed securely to prevent unauthorized access. Continuous monitoring for unusual activity and the implementation of additional security measures can help safeguard against future vulnerabilities and attacks.
Source: https://securityaffairs.com/190471/security/attackers-exploit-critical-flowise-flaw-cve-2025-59528-for-remote-code-execution.html