Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code.

BleepingComputer

A maximum-severity (CVSS 10) remote code execution vulnerability in Flowise, tracked as CVE-2025-59528, is now being actively exploited. The flaw exists in the CustomMCP node, which unsafely evaluates JavaScript from the mcpServerConfig input without validation. Originally disclosed last September and patched in version 3.0.6, between 12,000 and 15,000 Flowise instances remain exposed online. Exploitation has been detected by VulnCheck's Canary network originating from a single Starlink IP. Users are urged to upgrade to version 3.1.1 immediately or remove public internet exposure if external access is unnecessary.

Max severity Flowise RCE vulnerability now exploited in attacks