Security experts have issued a warning that a significant vulnerability in the Flowise platform is being actively exploited by cybercriminals. This flaw, identified as CVE-2025-59528 with a critical CVSS score of 10, permits attackers to execute arbitrary code remotely, according to a report by VulnCheck.
Understanding the Flowise Vulnerability
Flowise, known for letting users build customized LLM flows and autonomous agents through a drag-and-drop interface, is affected by a flaw rooted in missing validation of user-supplied JavaScript code. That code is handled by the function that processes the configuration for connecting to an external MCP server.
The vulnerability arises because the input a user provides to set up the MCP server configuration is evaluated and executed directly as JavaScript code rather than treated as data. The evaluation runs with the full privileges of the Node.js runtime, so it can lead to remote code execution and unauthorized access to the file system.
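The defensive counterpart to the behaviour described above, as an added example that is not Flowise's own code: the configuration text is parsed as JSON and checked against an allow-listed shape, and is never handed to eval() or new Function(). The {"mcpServers": {...}} layout, the permitted keys and the sample inputs are assumptions for illustration.

```javascript
// Added example, not Flowise's code: a user-supplied MCP server configuration
// handled strictly as data (JSON.parse plus an allow-list shape check) instead of
// being evaluated as JavaScript. Key names and the {"mcpServers": {...}} layout
// are assumptions for illustration.
const ALLOWED_KEYS = new Set(['command', 'args', 'env', 'url']);
// Names must start with a letter or digit, so e.g. "__proto__" is rejected.
const NAME_RE = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const isStrArr = (v) => Array.isArray(v) && v.every((s) => typeof s === 'string');
const isStrMap = (v) => isObj(v) && Object.values(v).every((s) => typeof s === 'string');

// Throws on anything outside the expected shape; returns a fresh copy otherwise.
function validateServer(name, s) {
  if (!NAME_RE.test(name)) throw new Error(`bad server name "${name}"`);
  if (!isObj(s)) throw new Error(`server "${name}" must be an object`);
  for (const k of Object.keys(s)) {
    if (!ALLOWED_KEYS.has(k)) throw new Error(`server "${name}": unexpected key "${k}"`);
  }
  if (s.command !== undefined && typeof s.command !== 'string') throw new Error(`${name}: command must be a string`);
  if (s.args !== undefined && !isStrArr(s.args)) throw new Error(`${name}: args must be string[]`);
  if (s.env !== undefined && !isStrMap(s.env)) throw new Error(`${name}: env must map strings to strings`);
  if (s.url !== undefined && typeof s.url !== 'string') throw new Error(`${name}: url must be a string`);
  if (s.command === undefined && s.url === undefined) throw new Error(`${name}: needs command or url`);
  return { ...s };
}

// Returns { ok: true, servers } or { ok: false, error }. The text is never executed:
// a JavaScript expression (even one that "returns" a config) fails at JSON.parse.
function parseMcpServerConfig(text) {
  let doc;
  try {
    doc = JSON.parse(text);
  } catch (e) {
    return { ok: false, error: `not valid JSON: ${e.message}` };
  }
  if (!isObj(doc) || !isObj(doc.mcpServers)) return { ok: false, error: 'expected {"mcpServers": {...}}' };
  const servers = {};
  try {
    for (const [name, s] of Object.entries(doc.mcpServers)) servers[name] = validateServer(name, s);
  } catch (e) {
    return { ok: false, error: e.message };
  }
  return { ok: true, servers };
}

// Constructed inputs (not real Flowise data): a well-formed config, a JavaScript
// expression that is not JSON, and a config carrying a key outside the allow-list.
const GOOD_CONFIG = '{"mcpServers":{"docs":{"command":"npx","args":["-y","some-mcp-server"]}}}';
const JS_NOT_JSON = '(function () { return { mcpServers: {} }; })()';
const EXTRA_KEY = '{"mcpServers":{"docs":{"command":"npx","onStart":"noop"}}}';
```

Logging the returned error string, rather than silently accepting the text, also gives defenders a signal when non-JSON or over-broad configurations are submitted.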
Impact and Potential Threats
Successful exploitation of this bug could let attackers take over vulnerable systems and steal sensitive data. Flowise has stressed the severity of the issue, noting that an attacker needs only an API token to exploit it, which poses substantial risks to business operations and customer data.
The flaw affects Flowise versions up to 3.0.5; the fix shipped in version 3.0.6, released in September 2025. Despite the availability of this patch, VulnCheck has observed active exploitation attempts, indicating that attackers are targeting systems that have yet to be updated.
Current Exploitation and Precautionary Measures
VulnCheck has reported that between 12,000 and 15,000 Flowise instances are publicly accessible, although the exact number running vulnerable versions is unknown. This substantial internet-facing attack surface increases the potential for opportunistic scanning and exploitation by cybercriminals.
Caitlin Condon, VP of security research at VulnCheck, emphasized the criticality of this vulnerability given Flowise’s popularity among large corporations. She noted that the vulnerability has been known for over six months, providing defenders ample time to patch systems.
Organizations using Flowise are urged to update to the latest version to mitigate these risks. As attackers continue to exploit this vulnerability, ensuring systems are secure is crucial to protect sensitive information and maintain business continuity.
