securityaffairs.com 4/7/2026, 9:01:48 PM · via preferred

Critical Flowise flaw CVE-2025-59528 exploited, thousands at risk

First seen 2026-04-07T06:21:16.042Z · Last seen 2026-04-07T21:01:48.247Z

CyberSIXT Evidence Panel
Primary Source: github.com
CISA KEV: Not in KEV
Patch: Patch Status Unknown

Attackers are actively exploiting a critical Flowise vulnerability, tracked as CVE-2025-59528, which enables remote code execution and full system takeover by abusing poor validation of user-supplied JavaScript. The flaw allows arbitrary JavaScript to be executed on Flowise servers through the CustomMCP node, because the convertToValidJSONString function passes input directly to the Function() constructor, which evaluates the string as code and so grants access to Node.js modules such as child_process and fs.
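The root cause described above is the classic eval-style conversion: a string that is supposed to be JSON is handed to the Function() constructor, which runs it as code. The added example below is not Flowise code and not from the advisory; the function names (unsafeConvertToJSONString, safeConvertToJSONString, classifyConfigInput) and the sample inputs are constructed for illustration. It contrasts the unsafe pattern with a strict JSON.parse-based converter that never evaluates its input, and a classifier a defender could hook into logging to see rejected non-JSON configs.

```javascript
// Added example (not Flowise's code). Names and sample inputs are assumptions.

// UNSAFE: the pattern the advisory describes. Any string is evaluated as JavaScript,
// so "config" that is really code runs with the server's privileges. Shown only for contrast.
function unsafeConvertToJSONString(input) {
  return JSON.stringify(Function(`return (${input})`)());
}

// Hardened replacement: JSON.parse parses data only and never executes it.
// Rejects anything that is not a JSON object of bounded size.
function safeConvertToJSONString(input, maxChars = 64 * 1024) {
  if (typeof input !== 'string') throw new TypeError('config must be a string');
  if (input.length > maxChars) throw new RangeError('config exceeds size limit');
  let value;
  try {
    value = JSON.parse(input);
  } catch (err) {
    // JavaScript expressions such as "1+1" or function calls fail here instead of running.
    throw new SyntaxError(`config is not valid JSON: ${err.message}`);
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    throw new TypeError('config must be a JSON object');
  }
  // Re-serialising yields a canonical string; no code path ever evaluated the input.
  return JSON.stringify(value);
}

// Returns 'accepted' or 'rejected' so the caller can log rejected inputs for detection.
function classifyConfigInput(input) {
  try {
    safeConvertToJSONString(input);
    return 'accepted';
  } catch {
    return 'rejected';
  }
}

// Constructed sample inputs: a legitimate MCP-style config and a non-JSON expression.
const validConfig = '{"command": "node", "args": ["server.js"]}';
const expressionInput = '1+1';

console.log(safeConvertToJSONString(validConfig));   // {"command":"node","args":["server.js"]}
console.log(classifyConfigInput(expressionInput));   // rejected
console.log(unsafeConvertToJSONString(expressionInput)); // 2 (the unsafe path evaluated it)
```

The key property is that the hardened converter produces the same output as the unsafe one for genuine JSON, but anything that relies on evaluation (an expression, a function call, a module reference) is refused with a SyntaxError rather than executed; logging those rejections gives a cheap detection signal for probing against the node.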

Flowise is an open-source platform for building AI-driven workflows. Versions up to 3.0.5 are affected; version 3.0.6, released in September 2025, fixes the flaw. VulnCheck detected the first exploitation of CVE-2025-59528, noting activity from a single Starlink IP address, and counted between 12,000 and 15,000 exposed Flowise instances online, according to VulnCheck's Canary network.

VulnCheck documented the activity, stating that the vulnerability has a CVSS score of 10 and that the public internet surface is substantial for opportunistic exploitation, citing advisory GHSA-3gcm-f6qx-ff7p. The article was published on 7 April 2026.

Article by CyberSIXT
