Summary
Flowise is facing active exploitation of CVE-2025-59528, a critical vulnerability that allows attackers to execute arbitrary JavaScript and take full control of AI workflow servers.
Take Action:
If you're running Flowise, this is urgent. Your tool is being attacked. Make sure Flowise is isolated from the internet unless absolutely necessary, and update to version 3.0.6 ASAP. Until you can update, restrict access to trusted IPs only. After isolating or patching (whichever comes first), rotate all API tokens and credential.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)