A recently discovered critical vulnerability in the Flowise AI Agent Builder platform is under active exploitation by threat actors, according to a report by VulnCheck.
The vulnerability, identified as CVE-2025-59528, is a code injection flaw that could allow remote code execution (RCE). It carries a CVSS score of 10.0, the maximum severity.
The issue lies in the CustomMCP node, which permits users to input configuration settings for establishing connections and thereby introduces the risk of malicious code injection.
With over 12,000 instances exposed, the vulnerability poses a significant risk to organizations using the Flowise platform, which makes immediate patching and mitigation necessary to prevent potential breaches.
The active exploitation of this vulnerability highlights the importance of staying vigilant and up to date with the latest security patches, especially in environments where AI and machine learning technologies are integrated.
As the threat landscape continues to evolve, it is crucial for organizations to prioritize cybersecurity and take proactive measures to protect against such vulnerabilities and potential attacks.
