A maximum-severity vulnerability in Flowise, an open-source AI agent development platform, is currently under active exploitation in the wild. Security researchers have identified CVE-2025-59528, a code injection flaw with a CVSS score of 10.0, affecting thousands of deployments globally.
Maximum-severity code injection flaw discovered
The vulnerability exists within the CustomMCP node component, which permits users to configure settings for external connections. Threat actors have begun weaponizing this weakness to achieve remote code execution on vulnerable systems. With over 12,000 exposed instances identified, the attack surface remains substantial and concerning for organizations relying on the platform for AI workflow automation.
12,000+ Flowise instances vulnerable to attacks
Flowise enables developers and enterprises to construct AI agents through a visual interface, making it an increasingly popular choice for rapid AI application deployment. The platform's open-source nature means vulnerable instances are distributed across numerous environments, from individual developer setups to enterprise infrastructures.
Remote code execution enables complete system compromise
The remote code execution capability granted by this flaw represents an immediate and severe threat. Attackers exploiting CVE-2025-59528 can execute arbitrary code on affected servers, potentially leading to complete system compromise, data theft, and lateral movement within network environments. The maximum CVSS rating underscores the absence of complexity required for exploitation and the absence of user interaction needed to trigger the vulnerability.
Urgent patching required across all deployments
Organizations currently operating Flowise deployments should treat this vulnerability as critical and implement patches immediately. The widespread exposure, combined with active exploitation, means that unpatched instances face substantial risk of compromise. Security teams should audit their infrastructure to identify any Flowise installations and assess their patch status urgently.
Security challenges in open-source AI platforms
This incident highlights the security challenges inherent in open-source AI platforms, particularly as these tools become more integrated into production environments. While open-source development fosters innovation and community contribution, it also requires rigorous security practices and rapid patch distribution to address critical vulnerabilities before widespread exploitation occurs.