ACCORDING to VulnCheck, threat actors have started to exploit a critical vulnerability in Flowise that allows remote code execution by abusing unvalidated user-supplied JavaScript used to configure an external MCP (Model Context Protocol) server. The flaw is tracked as CVE-2025-59528, with a CVSS score of 10, and stems from passing user input directly to a function that evaluates it as JavaScript code with the full privileges of the Node.js process. Flowise versions up to 3.0.5 are affected; a patch was issued in version 3.0.6, released in September 2025.
VulnCheck says it has observed the first in-the-wild exploitation attempts targeting CVE-2025-59528 and notes that between 12,000 and 15,000 Flowise instances are publicly accessible, though it remains unclear how many are running vulnerable versions. Caitlin Condon, VulnCheck VP of security research, describes the attack surface as extensive and opportunistic given the number of exposed deployments.
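The defect class described above is user input reaching a JavaScript evaluator. The following is an added illustration, not Flowise's code or its 3.0.6 patch: a strict loader that treats a user-supplied MCP server definition as data (JSON plus schema checks) instead of code. The field names `command`, `args` and `env` are assumed for the sake of the example.

```javascript
// Added example: safe handling of a user-supplied MCP server definition.
// The vulnerable pattern the advisory describes is evaluating the raw
// string as JavaScript (e.g. new Function(`return ${raw}`)()), which runs
// whatever the user typed with the Node.js process's privileges. Treating
// the input as JSON and validating its shape removes that code path.

const ALLOWED_KEYS = new Set(["command", "args", "env"]); // assumed schema
const ENV_NAME = /^[A-Z_][A-Z0-9_]*$/;

function isNonEmptyString(v) {
  return typeof v === "string" && v.length > 0;
}

function parseMcpServerConfig(raw) {
  if (typeof raw !== "string") throw new TypeError("config must be a string");
  let obj;
  try {
    obj = JSON.parse(raw); // data only; JS expressions fail here
  } catch (_) {
    throw new SyntaxError("config is not valid JSON");
  }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    throw new TypeError("config must be a JSON object");
  }
  // Reject unknown keys (also catches "__proto__" and similar).
  for (const k of Object.keys(obj)) {
    if (!ALLOWED_KEYS.has(k)) throw new TypeError(`unexpected key: ${k}`);
  }
  if (!isNonEmptyString(obj.command)) {
    throw new TypeError("command must be a non-empty string");
  }
  const args = obj.args ?? [];
  if (!Array.isArray(args) || !args.every(isNonEmptyString)) {
    throw new TypeError("args must be an array of non-empty strings");
  }
  const env = obj.env ?? {};
  if (env === null || typeof env !== "object" || Array.isArray(env)) {
    throw new TypeError("env must be an object");
  }
  for (const [k, v] of Object.entries(env)) {
    if (!ENV_NAME.test(k) || typeof v !== "string") {
      throw new TypeError(`invalid env entry: ${k}`);
    }
  }
  // Return a fresh object so nothing from the parsed input leaks through.
  return { command: obj.command, args: [...args], env: { ...env } };
}

// Convenience wrapper that reports acceptance instead of throwing.
function tryParseMcpServerConfig(raw) {
  try {
    return { ok: true, config: parseMcpServerConfig(raw) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}
```

Any input that is not a well-formed JSON object with the expected keys is rejected before it can influence what the process executes.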