Cyber Web Spider Blog – News
Severe Vulnerability Exploited in Flowise AI Platform

Posted on April 7, 2026 By CWS

A major security flaw in Flowise, an open-source AI platform, is currently being exploited by cybercriminals, as revealed by VulnCheck. Tracked as CVE-2025-59528, the vulnerability carries the maximum score of 10.0 under the Common Vulnerability Scoring System (CVSS).

Understanding the Vulnerability

The flaw, a code injection vulnerability, allows remote code execution through the CustomMCP node. This node takes a user-supplied string called mcpServerConfig to configure connections to external servers. Flowise’s advisory from September 2025 noted that the node executes this string as JavaScript code without proper security checks.

Once exploited, the vulnerability gives attackers access to sensitive Node.js modules such as child_process and fs, enabling command execution and file system access. In effect, attackers can run arbitrary JavaScript code, leading to complete system compromise and potential data breaches.
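As an added illustration (not Flowise’s code and not a reproduction of the actual CustomMCP implementation), the Node.js snippet below shows the bug class the advisory describes, a configuration string that is evaluated as JavaScript, beside a hardened parser that treats the same string strictly as data. The function names, the allowed configuration fields and the sample inputs are assumptions made for this example.

```javascript
// Added example (not Flowise's code): a config string evaluated as JavaScript,
// next to a hardened parser that only ever treats the string as data.
// Names below (parseMcpServerConfigUnsafe, parseMcpServerConfig, the allowed
// fields) are assumptions for this illustration, not Flowise identifiers.

// UNSAFE pattern: evaluating the string hands it the whole Node.js runtime
// (globals such as process, and from there any module), so any expression
// placed in the config field runs with the server's privileges.
function parseMcpServerConfigUnsafe(mcpServerConfig) {
  // Equivalent in effect to eval(): the string is compiled and executed.
  return new Function(`return (${mcpServerConfig});`)();
}

// Hardened pattern: JSON.parse, then validate against a strict allowlist.
const ALLOWED_KEYS = new Set(['command', 'args', 'env', 'url']);
const SAFE_TOKEN = /^[A-Za-z0-9._\/-]+$/; // conservative allowlist for command/args

function parseMcpServerConfig(mcpServerConfig) {
  let cfg;
  try {
    cfg = JSON.parse(mcpServerConfig); // data only; nothing is executed
  } catch {
    throw new Error('mcpServerConfig must be valid JSON');
  }
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) {
    throw new Error('mcpServerConfig must be a JSON object');
  }
  for (const key of Object.keys(cfg)) {
    if (!ALLOWED_KEYS.has(key)) throw new Error(`unexpected key: ${key}`);
  }
  if (cfg.url !== undefined) {
    const u = new URL(cfg.url); // throws on malformed input
    if (!['http:', 'https:'].includes(u.protocol)) {
      throw new Error('url must be http(s)');
    }
  }
  if (cfg.command !== undefined &&
      (typeof cfg.command !== 'string' || !SAFE_TOKEN.test(cfg.command))) {
    throw new Error('command contains disallowed characters');
  }
  if (cfg.args !== undefined &&
      (!Array.isArray(cfg.args) ||
       !cfg.args.every((a) => typeof a === 'string' && SAFE_TOKEN.test(a)))) {
    throw new Error('args must be an array of plain tokens');
  }
  if (cfg.env !== undefined &&
      (cfg.env === null || typeof cfg.env !== 'object' || Array.isArray(cfg.env) ||
       !Object.values(cfg.env).every((v) => typeof v === 'string'))) {
    throw new Error('env must be an object of string values');
  }
  return cfg;
}

// Constructed sample inputs.
const BENIGN_JSON = '{"url": "https://mcp.example.internal/sse"}';
// A JavaScript expression rather than JSON. A harmless arithmetic expression
// stands in for anything the runtime could be asked to do.
const EXPRESSION_INPUT =
  '({ url: "https://mcp.example.internal/" + (40 + 2) })';

function demo() {
  const unsafe = parseMcpServerConfigUnsafe(EXPRESSION_INPUT); // the expression ran
  let hardenedRejected = false;
  try {
    parseMcpServerConfig(EXPRESSION_INPUT); // not JSON: rejected before any evaluation
  } catch {
    hardenedRejected = true;
  }
  return {
    unsafeUrl: unsafe.url,            // "https://mcp.example.internal/42"
    hardenedRejected,                 // true
    benign: parseMcpServerConfig(BENIGN_JSON),
  };
}

console.log(demo());
```

The hardened parser keeps the configuration as inert data and fails closed on anything outside the expected shape, which is the property a defender should verify (or request) when a node or plugin accepts server definitions from API users. Note that the unsafe variant still executes the expression even when the result looks like a valid configuration object, which is why reviewing what a parser is allowed to do matters more than inspecting its output.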

Security Implications and Responses

Flowise has emphasized the significant risk posed by this vulnerability: exploitation requires only an API token, threatening business operations and customer data. The issue was discovered and reported by Kim SooHyun and has been fixed in version 3.0.6 of the npm package.

VulnCheck reported that the exploitation attempts trace back to a single Starlink IP address. This is the third Flowise flaw to be exploited in the wild, after CVE-2025-8943 and CVE-2025-26319, which carry CVSS scores of 9.8 and 8.9, respectively.

Wider Impact and Future Outlook

Caitlin Condon of VulnCheck described this as a critical-severity bug in a widely used AI platform adopted by numerous large companies. Despite being publicly known for over six months, many instances remain vulnerable. With more than 12,000 instances exposed, the attack surface has expanded significantly, making them attractive targets for opportunistic attackers.

As the situation unfolds, organizations running Flowise AI should ensure their systems are updated and patched promptly to mitigate the risk. Continuous monitoring and proactive security measures are recommended to guard against future exploitation attempts.

Copyright © 2026 Cyber Web Spider Blog – News.