- The Flowise AI platform had a CVSS-10 arbitrary code flaw
- Vulnerability in CustomMCP node exploited in the wild
- Up to 15,000 exposed instances need to be updated immediately
Flowise, a popular open source platform for building custom LLM applications and AI agents, contained a maximum-severity vulnerability that allowed malicious actors to execute arbitrary code and, potentially, take control of entire systems.
Flowise is a low‑code platform that allows users to visually create AI workflows, chatbots, and LLM-based applications by dragging and dropping components instead of writing code. Its GitHub project has over 40,000 stars and is said to power millions of discussions and workflows between developers and businesses.
In September 2025, version 3.0.5 was found to contain a bug in the CustomMCP node: configuration data entered by a user was executed as JavaScript without validation. This allowed attackers to run arbitrary code on the server, including reading files and executing system commands.
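To make the bug class concrete (configuration text evaluated as JavaScript instead of being parsed as data), here is an added Node.js illustration; it is hypothetical code, not Flowise's, and the function names and config schema are assumptions.

```javascript
// Added illustration of the bug class described above.
// Hypothetical code, not Flowise's; function names and schema are assumptions.

// Anti-pattern: the caller's text is treated as a program. Whatever
// expression it contains runs with the server process's privileges.
function loadConfigUnsafe(text) {
  return new Function(`return (${text});`)();
}

// Hardened: the text is only ever data. JSON.parse never executes code,
// and the parsed object is checked against an explicit allowlist of keys
// and value types before anything downstream touches it.
const SCHEMA = {
  name: 'string',
  endpoint: 'string',
  timeoutMs: 'number',
};

function loadConfigSafe(text) {
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch (e) {
    throw new Error('config is not valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('config must be a JSON object');
  }
  for (const key of Object.keys(parsed)) {
    // hasOwnProperty, not `in`, so inherited names such as __proto__
    // or toString are rejected rather than matched on the prototype.
    if (!Object.prototype.hasOwnProperty.call(SCHEMA, key)) {
      throw new Error(`unexpected config key: ${key}`);
    }
    if (typeof parsed[key] !== SCHEMA[key]) {
      throw new Error(`wrong type for ${key}: expected ${SCHEMA[key]}`);
    }
  }
  return parsed;
}
```

The same text that the unsafe loader evaluates as an expression is rejected outright by the safe loader, because it is not valid JSON.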
Spotted in the wild
The vulnerability was fixed in version 3.0.6 and currently the latest version is 3.1.1. However, more than six months later, security researchers have spotted malicious actors abusing it in the wild.
Quoting Caitlin Condon of vulnerability intelligence firm VulnCheck, BleepingComputer reported that exploitation of the bug was observed on the company’s Canary network.
“Early this morning, VulnCheck’s Canary Network began detecting an initial exploitation of CVE-2025-59528, a CVSS-10 arbitrary JavaScript code injection vulnerability in Flowise, an open source AI development platform,” Condon warned.
She said the attack was limited to a single Starlink IP address, but warned it could soon expand, as there are currently up to 15,000 Flowise instances exposed to the wider internet. At least some of them are probably not updated to the latest versions and are therefore vulnerable.
The best course of action is to upgrade all Flowise instances to the most recent version and, where internet exposure is not required for daily operations, remove them from the public internet altogether.