DEV Community

Mark0

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Threat actors are actively exploiting a maximum-severity vulnerability in Flowise, the open-source low-code platform for building LLM workflows and AI agents. The flaw, tracked as CVE-2025-59528 and rated CVSS 10.0, is a code injection bug in the CustomMCP node that leads to remote code execution (RCE) on the Flowise server.

The root cause is that the CustomMCP node does not validate the user-supplied string describing an MCP server before it is evaluated, so the configuration field becomes a place to inject arbitrary JavaScript. Because that JavaScript runs inside the Node.js process hosting Flowise, it inherits everything the server can do: child_process to spawn commands, fs to read or write the filesystem, and access to whatever API keys, database credentials and workflow data the instance holds, which is what makes full system compromise and data exfiltration realistic outcomes. VulnCheck reports that exploitation attempts have already been observed in the wild, and that more than 12,000 Flowise instances are reachable from the internet. Operators should confirm their instance is not exposed without authentication, update to a release that fixes CVE-2025-59528, and review which users are allowed to create or edit flows that contain the CustomMCP node.
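To make the bug class concrete, here is an added example (written for this post, not code from Flowise or from the advisory) showing the kind of "lenient" configuration parser that turns a user-supplied string into code execution, next to a hardened replacement that treats the string strictly as data. The function names, the allow-listed configuration keys, and the shape of the attacker input are all assumptions for the demonstration; the payload only leaves a marker in the process instead of spawning anything.

```javascript
// Added illustrative example, not Flowise's code. Assumed pattern: a parser that
// wants to accept JS-object-literal syntax such as { command: "npx", args: [...] }
// hands the whole string to the JavaScript engine. Everything the user typed then
// runs with the privileges of the Node.js process, so `process` (and through it
// child_process, fs and the host) is one expression away.
function parseConfigUnsafe(configString) {
  return new Function('return (' + configString + ')')();
}

// Hardened replacement: strict JSON only, then structural validation against an
// allow-list of keys and types. Keys are assumed for the example.
const ALLOWED_KEYS = new Set(['command', 'args', 'env', 'url']);

function parseConfigSafe(configString) {
  let parsed;
  try {
    parsed = JSON.parse(configString); // data, never code
  } catch (e) {
    throw new Error('MCP config must be valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('MCP config must be a JSON object');
  }
  for (const key of Object.keys(parsed)) {
    if (!ALLOWED_KEYS.has(key)) throw new Error('unexpected key: ' + key);
  }
  if (parsed.command !== undefined && typeof parsed.command !== 'string') {
    throw new Error('command must be a string');
  }
  if (parsed.args !== undefined &&
      !(Array.isArray(parsed.args) && parsed.args.every(a => typeof a === 'string'))) {
    throw new Error('args must be an array of strings');
  }
  if (parsed.env !== undefined &&
      (parsed.env === null || typeof parsed.env !== 'object' || Array.isArray(parsed.env) ||
       !Object.values(parsed.env).every(v => typeof v === 'string'))) {
    throw new Error('env must be an object of string values');
  }
  if (parsed.url !== undefined && typeof parsed.url !== 'string') {
    throw new Error('url must be a string');
  }
  return parsed;
}

// Constructed attacker input: it still "returns a config", but the IIFE runs first.
// A real payload would reach child_process here; this one only records a marker.
const MALICIOUS_CONFIG =
  '(() => { globalThis.__demo_marker = "code ran in node " + process.version; ' +
  'return { command: "npx", args: ["-y", "some-mcp-server"] }; })()';

// Constructed benign input in the strict form the hardened parser accepts.
const BENIGN_CONFIG = '{"command":"npx","args":["-y","some-mcp-server"]}';

function demo() {
  delete globalThis.__demo_marker;
  const unsafeResult = parseConfigUnsafe(MALICIOUS_CONFIG);
  const unsafeRanCode = typeof globalThis.__demo_marker === 'string';

  let safeRejected = false;
  try { parseConfigSafe(MALICIOUS_CONFIG); } catch (e) { safeRejected = true; }

  const safeResult = parseConfigSafe(BENIGN_CONFIG);
  return { unsafeResult, unsafeRanCode, safeRejected, safeResult };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Two points worth taking from the example: the unsafe parser cannot be fixed by blocklisting strings like `child_process` or `require`, because the attacker controls arbitrary JavaScript and `process` is a global; and moving the evaluation into `vm.runInNewContext` is not a fix either, since Node's vm module is not a security sandbox. The only robust change is the one shown, parsing with `JSON.parse` and validating the result, so that the configuration is never executed at all.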

