- The Flowise AI platform carried a CVSS 10 arbitrary code execution bug
- The vulnerability in the CustomMCP node is being exploited in the wild
- Up to 15,000 instances are exposed; users are urged to update immediately
Flowise, a popular open source platform for building custom LLM apps and AI agents, had a maximum severity vulnerability that allowed threat actors to run arbitrary code, potentially taking over entire systems.
Flowise is a low-code platform that allows users to visually build AI workflows, chatbots and LLM-powered applications by dragging and dropping components instead of writing code. Its GitHub project has more than 40,000 stars and is reported to power millions of chats and workflows across developers and companies.
In September 2025, it was discovered that version 3.0.5 contained a bug in the CustomMCP node: when users entered configuration data, the software ran it as unchecked JavaScript. This let attackers execute arbitrary code on the server, including reading files or running system commands.
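The bug class described above, as an added example in JavaScript (not Flowise's code; the function names and the allowed configuration keys are assumptions): node configuration evaluated as JavaScript, next to a hardened form that treats the same input strictly as JSON data.

```javascript
// Added illustration, not Flowise's own code. Function names and the
// allowed keys are assumptions chosen for this example.

// Unsafe pattern: the configuration string is handed to the JS engine, so
// whatever the user types runs with the server process's privileges.
function parseMcpConfigUnsafe(configText) {
  // Equivalent to eval(); shown only to contrast with the safe version.
  return new Function(`return (${configText});`)();
}

// Keys an MCP-style server definition plausibly needs (assumed here).
const ALLOWED_KEYS = new Set(["command", "args", "env", "url"]);

// Hardened pattern: parse as JSON (data, never executed), then validate
// the shape so only known keys with expected types are accepted.
function parseMcpConfigSafe(configText) {
  let cfg;
  try {
    cfg = JSON.parse(configText);
  } catch (e) {
    throw new Error("config must be valid JSON, not JavaScript");
  }
  if (cfg === null || typeof cfg !== "object" || Array.isArray(cfg)) {
    throw new Error("config must be a JSON object");
  }
  for (const key of Object.keys(cfg)) {
    if (!ALLOWED_KEYS.has(key)) throw new Error(`unexpected key: ${key}`);
  }
  if (cfg.command !== undefined && typeof cfg.command !== "string") {
    throw new Error("command must be a string");
  }
  if (cfg.args !== undefined &&
      !(Array.isArray(cfg.args) && cfg.args.every(a => typeof a === "string"))) {
    throw new Error("args must be an array of strings");
  }
  if (cfg.env !== undefined &&
      (typeof cfg.env !== "object" || cfg.env === null ||
       !Object.values(cfg.env).every(v => typeof v === "string"))) {
    throw new Error("env must map strings to strings");
  }
  return cfg;
}

// Constructed sample: valid JSON is accepted by both parsers...
const goodConfig = '{"command":"mcp-server","args":["--port","8080"]}';
console.log(parseMcpConfigSafe(goodConfig));
// ...but a JavaScript expression (here: a harmless side effect, then an
// object literal) is executed by the unsafe parser and rejected by the safe one.
const jsConfig = '(globalThis.__example_marker = "ran", {command: "x"})';
```

The safe parser never evaluates the string, so a side effect such as setting `globalThis.__example_marker` only happens through the unsafe path.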
Exploited in the wild
The vulnerability was fixed in version 3.0.6, and the latest version is currently 3.1.1. However, more than half a year later, security researchers discovered threat actors exploiting it in the wild.
Bleeping Computer, quoting Caitlin Condon of vulnerability intelligence firm VulnCheck, reported that exploitation of the flaw was seen in the company's Canary network.
“Early this morning, VulnCheck’s Canary network began detecting initial exploitation of CVE-2025-59528, a CVSS-10 arbitrary JavaScript code injection vulnerability in Flowise, an open source AI development platform,” Condon warned.
She said the attack was limited to a single Starlink IP, but warned it could soon expand, as up to 15,000 Flowise instances are currently exposed to the wider internet. At least some of them are likely running unpatched versions and are therefore vulnerable.
The best course of action is to update all Flowise instances to the latest version and, where possible, remove them from the public internet if they are not needed for day-to-day operations.