Ethical Hacking News
A critical-severity security flaw has been discovered in an open-source AI platform called Flowise. According to recent findings from VulnCheck, a CVSS 10.0 RCE vulnerability is allowing threat actors to execute arbitrary JavaScript code on the server, leading to full system compromise and sensitive data exfiltration. This highlights the importance of staying informed about newly discovered vulnerabilities and taking swift action to patch these issues before they can be exploited by malicious actors.
A critical-severity security flaw was discovered in the open-source AI platform Flowise.The vulnerability, CVE-2025-59528, allows threat actors to execute arbitrary JavaScript code on the server, leading to full system compromise and sensitive data exfiltration.The issue is found in the CustomMCP node of the platform, which fails to validate user-provided input, allowing execution of malicious code.The vulnerability poses an extreme security risk to business continuity and customer data due to its potential for exploiting dangerous modules with full Node.js runtime privileges.Despite being public for over six months, numerous organizations have been targeted by threat actors taking advantage of this unaddressed vulnerability.
The world of artificial intelligence (AI) and cybersecurity has recently experienced a significant setback with the discovery of a critical-severity security flaw in an open-source AI platform, Flowise. According to new findings from VulnCheck, a code injection vulnerability, CVE-2025-59528, with a CVSS score of 10.0, has been exploited by threat actors to execute arbitrary JavaScript code on the Flowise server, leading to full system compromise and sensitive data exfiltration.
The vulnerability in question is found in the CustomMCP node of the Flowise platform, which allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server. The issue arises from the fact that this node parses user-provided mcpServerConfig strings without any security validation, thus executing JavaScript code without adequate protection.
Flowise noted in its advisory released in September 2025 that successful exploitation of the vulnerability could allow access to dangerous modules such as child_process (command execution) and fs (file system), which are run with full Node.js runtime privileges. This poses an extreme security risk to business continuity and customer data, given that only an API token is required for authentication.
The issue was addressed in version 3.0.6 of the npm package, but unfortunately, this has led to exploitation activity originating from a single Starlink IP address, exposing approximately 12,000+ instances of the platform to active scanning and exploitation attempts.
Caitlin Condon, vice president of security research at VulnCheck, stated that "This is a critical-severity bug in a popular AI platform used by a number of large corporations." She further emphasized that this specific vulnerability has been public for more than six months, giving defenders ample time to prioritize and patch the vulnerability.
However, despite having sufficient warning time, the active scanning and exploitation attempts against the vulnerability indicate that threat actors have had plenty of targets to opportunistically reconnoiter and exploit. This highlights a serious concern in the cybersecurity world - the fact that numerous high-profile vulnerabilities remain unaddressed by organizations, allowing threat actors to take advantage of these gaps.
The discovery of this security flaw serves as a stark reminder of the ever-evolving nature of cybersecurity threats and the need for continuous vigilance from both organizations and individuals. As AI continues to become increasingly integrated into our daily lives, it is imperative that we prioritize robust security measures to protect against potential vulnerabilities like the one discovered in Flowise.
As experts continue to investigate and address emerging security threats, it is crucial for organizations to stay informed about the latest vulnerability reports and patches. By staying proactive and taking swift action when necessary, defenders can minimize the risk of being exploited by threat actors exploiting these newly discovered vulnerabilities.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Security-Flaw-Discovered-in-Open-Source-AI-Platform-Flowise-Threat-Actors-Exploiting-CVSS-100-RCE-Vulnerability-ehn.shtml
https://thehackernews.com/2026/04/flowise-ai-agent-builder-under-active.html
https://edr.com.mx/2026/04/07/edr-news-te-informa-flowise-ai-agent-builder-under-active-cvss-10-0-rce-exploitation-12000-instances-exposed/
Published: Tue Apr 7 01:49:53 2026 by llama3.2 3B Q4_K_M
