Flowise AI - Critical RCE Vulnerability Under Active Exploitation
Active exploitation or massive impact β immediate action required
Basically, hackers can take control of Flowise servers due to a serious security flaw.
A critical vulnerability in Flowise AI is being actively exploited, affecting over 12,000 instances. This flaw allows remote code execution, posing severe risks to data security. Organizations must act swiftly to patch and protect their systems.
What Happened
Threat actors are currently exploiting a maximum-severity vulnerability in Flowise, an open-source AI platform. This vulnerability, identified as CVE-2025-59528, has a CVSS score of 10.0, indicating critical risk. According to findings from VulnCheck, the flaw allows for remote code execution (RCE), enabling attackers to run arbitrary JavaScript on affected servers.
The Flaw
The vulnerability resides in the CustomMCP node, which allows users to input configuration settings for connecting to an external Model Context Protocol (MCP) server. During this process, the system executes user-provided JavaScript code without proper security validation. This oversight can lead to severe consequences, such as unauthorized command execution and file system access.
Who's Affected
Over 12,000 instances of Flowise are currently exposed to this vulnerability, making it a significant target for attackers. The flaw has been publicly known for more than six months, giving organizations ample time to implement patches. However, the ongoing exploitation suggests that many instances remain unprotected.
What Data Was Exposed
Successful exploitation of this vulnerability can lead to:
- Full system compromise
- File system access
- Command execution
- Sensitive data exfiltration As only an API token is required for access, the risks to business continuity and customer data are extremely high.
Patch Status
Flowise has addressed this issue in version 3.0.6 of its npm package. Organizations using older versions are strongly advised to update immediately to mitigate the risk of exploitation.
Immediate Actions
To protect against this vulnerability, organizations should:
- Update Flowise to the latest version (3.0.6 or higher).
- Conduct a security audit to identify any exposed instances.
- Monitor for unusual activity that could indicate exploitation attempts.
- Ensure that API tokens are secured and access is restricted.
Conclusion
The exploitation of CVE-2025-59528 represents a serious threat to organizations relying on Flowise. With the potential for widespread impact, immediate action is necessary to safeguard systems and data from malicious actors.
π How to Check If You're Affected
- 1.Check if your Flowise instance is running an outdated version (prior to 3.0.6).
- 2.Review logs for any unauthorized access attempts or unusual activity.
- 3.Verify that API tokens are secured and access is limited.
π Pro insight: The high CVSS score and active exploitation highlight the urgent need for organizations to prioritize patching and monitoring efforts.