A major cybersecurity issue has been found in Flowise AI Agent Builder, which is widely used to build AI-based applications and workflows. Researchers have confirmed that attackers are actively exploiting a critical vulnerability in this platform. The flaw has been given a CVSS score of 10.0, which is the highest possible severity level. This means the vulnerability is extremely dangerous and can lead to complete system compromise. Because of its impact and active exploitation, it is being treated as a high-priority threat.
The vulnerability is identified as CVE-2025-59528 and is related to a code injection issue. It exists in a feature called the CustomMCP node, which is designed to connect Flowise with external services. The problem occurs because user input is not properly validated before being executed. This allows attackers to insert malicious code into the system. As a result, it opens the door for remote code execution attacks.
Once this vulnerability is exploited, attackers can run arbitrary JavaScript code directly on the server. Since Flowise runs on Node.js, this access gives them full control over the system environment. They can execute commands, access sensitive files, and even manipulate system processes. This level of access makes it possible to completely take over the affected system. It also increases the risk of data theft and further attacks within the network.
One of the most concerning parts of this issue is how easy it is to exploit. In some cases, attackers only need a valid API token to carry out the attack. This lowers the technical barrier and makes it easier for more attackers to attempt exploitation. It also increases the number of potential attack scenarios. Organizations using Flowise in production environments are especially at risk.
Security researchers have already observed real-world attacks targeting this vulnerability. This confirms that the issue is not just theoretical but actively being used by threat actors. Reports suggest that attackers are scanning for exposed systems and exploiting them quickly. This kind of activity shows how fast attackers respond to newly discovered vulnerabilities. It also increases the urgency for organizations to take action.
Another serious concern is the number of exposed systems. More than 12,000 Flowise instances are currently accessible over the internet. These exposed systems create a large attack surface for hackers to target. Attackers can easily scan the internet to find vulnerable instances. This significantly increases the chances of widespread exploitation and damage.
This is not the first time Flowise has faced security issues. Researchers have previously discovered other vulnerabilities in the platform, including flaws that allowed command execution and file uploads. Some of these issues were also exploited in real-world attacks. The repeated appearance of such vulnerabilities raises concerns about the platform’s security practices. It also shows that AI tools are becoming a growing target for attackers.
To address this issue, a fix has been released in Flowise version 3.0.6. Users are strongly advised to update their systems to this version or a later one as soon as possible. Applying the patch is the most effective way to prevent exploitation. In addition, organizations should limit external access and monitor systems for suspicious activity. Quick action is necessary to reduce the risk from this critical vulnerability.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
