- Flowise AI Platform Had CVSS-10 Arbitrary Code Flaw
- Vulnerability in CustomMCP node exploited in the wild
- Up to 15,000 exposed instances are urged to immediately upgrade
Flowise, a popular open source platform for creating custom LLM applications and AI agents, had a maximum severity vulnerability that allowed threat actors to execute arbitrary code and therefore potentially take over entire systems.
Flowise is a low-code platform that lets users build AI workflows, chatbots, and LLM-based applications visually, by dragging and dropping components instead of writing code. Its GitHub project has over 40,000 stars and reportedly powers millions of chats and workflows for developers and businesses.
In September 2025, version 3.0.5 was discovered to contain a bug in the CustomMCP node. When a user supplied configuration data for that node, the software executed it as JavaScript without validation. This allowed attackers to execute any code on the server, including accessing files or running system commands.
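To make the flaw class concrete, here is an added illustration (not Flowise's own code, and not the actual patched function): a node that evaluates its configuration text as JavaScript, next to a hardened parser that treats the same text strictly as data. The expected config shape (`command`, optional `args` and `env`) and the version-comparison helper are assumptions made for the example; the fixed version 3.0.6 is the one the article names.

```javascript
// Added illustration (not Flowise's own code): why evaluating a node's
// configuration string as JavaScript is a code-execution sink, beside a
// hardened parser that treats the same input as data only.

// Vulnerable pattern: the config text is handed to the JS engine, so any
// expression the submitter embeds runs with the server's privileges.
function parseConfigUnsafe(text) {
  return new Function('return (' + text + ')')();
}

// Hardened pattern: strict JSON only, then shape validation against the
// fields the node needs (assumed shape: {command, args?, env?}).
function parseConfigSafe(text) {
  let obj;
  try {
    obj = JSON.parse(text);
  } catch (e) {
    throw new Error('config must be strict JSON');
  }
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    throw new Error('config must be a JSON object');
  }
  if (typeof obj.command !== 'string' || obj.command.length === 0) {
    throw new Error('config.command must be a non-empty string');
  }
  if (obj.args !== undefined &&
      !(Array.isArray(obj.args) && obj.args.every((a) => typeof a === 'string'))) {
    throw new Error('config.args must be an array of strings');
  }
  if (obj.env !== undefined &&
      !(obj.env && typeof obj.env === 'object' && !Array.isArray(obj.env) &&
        Object.values(obj.env).every((v) => typeof v === 'string'))) {
    throw new Error('config.env must map strings to strings');
  }
  return { command: obj.command, args: obj.args ?? [], env: obj.env ?? {} };
}

// Defender check: releases below the fixed version (3.0.6 per the article)
// are affected. Handles dotted numeric versions only (assumed format).
function isAffectedVersion(version, fixed = '3.0.6') {
  const a = version.split('.').map(Number);
  const b = fixed.split('.').map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] ?? 0, y = b[i] ?? 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Constructed inputs: a JS expression (not valid JSON) and a well-formed config.
const jsExpression = '{ command: "npx", args: ["x"].concat(["y"]) }';
const validConfig = '{"command":"npx","args":["-y","server"]}';
```

The unsafe parser happily runs the method call inside `jsExpression`; the strict parser rejects it outright and only accepts the JSON form, while `isAffectedVersion` flags 3.0.5 and clears 3.0.6 and 3.1.1.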
Seen in the wild
The vulnerability was fixed in version 3.0.6, and the latest version is currently 3.1.1. However, more than half a year later, security researchers detected threat actors abusing it in the wild.
Quoting Caitlin Condon of vulnerability intelligence firm VulnCheck, BleepingComputer reported that exploitation of the flaw was seen on the company's Canary network.
“Early this morning, VulnCheck’s Canary network began detecting for the first time the exploitation of CVE-2025-59528, a CVSS-10 arbitrary JavaScript code injection vulnerability in Flowise, an open source AI development platform,” Condon warned.
Condon said the attack was limited to a single Starlink IP, but warned that it could soon expand, as up to 15,000 Flowise instances are currently exposed to the broader internet. Chances are that at least some of them have not been updated to the latest versions and are therefore vulnerable.
The best course of action is to bring all Flowise instances up to the latest version and, where possible, remove them from the public internet if they are not needed for daily operations.