Ethical Hacking News
Flowise, an open-source platform used by developers and organizations to build AI agents and workflows, has been hit with a critical Remote Code Execution (RCE) vulnerability that allows hackers to execute arbitrary code. Upgrading to the latest version of Flowise is recommended, and users are advised to remove their instances from public access if external access is not needed.
The Flowise CustomMCP node has a critical Remote Code Execution (RCE) flaw, tracked as CVE-2025-59528. The exploit takes advantage of a specific design choice that lets users inject JavaScript code without proper validation. Some users have been slow to address the vulnerability, and hackers are already exploiting it to execute malicious code and steal sensitive data. The impact is significant given the widespread use of Flowise in AI prototyping, no-code toolsets for non-technical users, and customer support chatbots. Users are advised to upgrade to version 3.1.1 or 3.0.6, and to consider removing instances from public access if external access is not needed.
The cybersecurity landscape has been abuzz with news of a critical vulnerability found in an open-source platform used by developers and organizations to build artificial intelligence (AI) agents and workflows. The vulnerability, tracked as CVE-2025-59528, is a maximum-severity Remote Code Execution (RCE) flaw in the Flowise CustomMCP node: the node's configuration settings, which connect it to an external Model Context Protocol (MCP) server, can be used to execute arbitrary JavaScript code without any security checks.
The exploit takes advantage of a specific design choice made by the developers of Flowise, which enables users to inject JavaScript code into the platform's workflow without proper validation. The flaw was publicly disclosed last September, and security researchers warned at the time that successful exploitation could lead to command execution and file system access.
Despite these warnings, it appears that some users have been slow to address the vulnerability. According to Caitlin Condon, a security researcher at VulnCheck, her company's Canary network began detecting first-time exploitation of CVE-2025-59528, a CVSS-10 arbitrary JavaScript code injection vulnerability in Flowise, early this morning. This indicates that hackers are already taking advantage of the vulnerability to execute malicious code and potentially steal sensitive data.
The impact of this vulnerability is significant, given the widespread use of Flowise by developers working on AI prototyping, non-technical users working with no-code toolsets, and companies operating customer support chatbots and knowledge-based assistants. The fact that there are between 12,000 and 15,000 Flowise instances exposed online right now raises concerns about the potential for hackers to target these platforms.
However, it is unclear what percentage of those instances are vulnerable to this specific exploit. Condon notes that the observed activity related to CVE-2025-59528 comes on top of exploitation of other Flowise vulnerabilities, CVE-2025-8943 and CVE-2025-26319, for which in-the-wild exploitation has also been observed.
To mitigate the risk, users are advised to upgrade their Flowise instances to version 3.1.1, or at least 3.0.6, as soon as possible. Additionally, they should consider removing their instances from the public internet if external access is not needed.
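A small triage helper for the upgrade advice above, written as an added example rather than code from Flowise or the article: it classifies a version string from an instance inventory against the fixed releases the article names (3.1.1 for the 3.1 line, 3.0.6 as the minimum for the 3.0 line). Treating 3.1.0 and everything below 3.0.6 as needing an upgrade is an assumption derived from that advice, and the hostnames in the sample inventory are constructed.

```python
"""Classify Flowise versions against the CVE-2025-59528 fixed releases.
Added example, not Flowise project code. Assumption: 3.1.0 and anything
older than 3.0.6 predate the fix; unparseable strings need manual review."""
import re
from typing import Optional

# Lowest release on each line that the article reports as carrying the fix.
FIXED_BY_LINE = {(3, 0): (3, 0, 6), (3, 1): (3, 1, 1)}
# Strict x.y.z only; pre-release or build suffixes deliberately fall through
# to "unknown" so they are verified by hand rather than guessed.
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

def parse_version(text: str) -> Optional[tuple]:
    """Return (major, minor, patch) or None if the string is not a version."""
    m = SEMVER.match(text.strip())
    return tuple(int(x) for x in m.groups()) if m else None

def needs_upgrade(version: str) -> Optional[bool]:
    """True if the version predates the fix for its release line, False if
    it is at or past the fix, None if the string cannot be parsed."""
    v = parse_version(version)
    if v is None:
        return None
    line = (v[0], v[1])
    if line in FIXED_BY_LINE:
        return v < FIXED_BY_LINE[line]
    # Lines the article does not name: anything older than 3.0.6 predates
    # every fixed release; anything newer than the 3.1 line postdates them.
    return v < (3, 0, 6)

def triage(inventory: dict) -> dict:
    """Map each host in {host: version} to 'upgrade', 'patched' or 'unknown'."""
    labels = {None: "unknown", True: "upgrade", False: "patched"}
    return {host: labels[needs_upgrade(ver)] for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed inventory: hostnames and version strings are made up.
    sample = {"flowise-dev.internal": "3.0.4", "flowise-prod.internal": "3.1.1",
              "flowise-lab.internal": "3.1.0", "flowise-old.internal": "2.2.8",
              "flowise-odd.internal": "latest"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Hosts reported as "upgrade" or "unknown" are the ones to pull off the public internet first while the update is scheduled.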
The news of this critical vulnerability serves as a reminder of the importance of keeping software up to date and remaining vigilant in monitoring for potential security threats. The fact that hackers are already exploiting this vulnerability highlights the need for organizations to prioritize cybersecurity and take proactive steps to protect themselves against such attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Critical-AI-Development-Platform-Vulnerability-The-Flowise-RCE-Exploit-ehn.shtml
Published: Tue Apr 7 14:09:39 2026 by llama3.2 3B Q4_K_M