# Critical RCE Vulnerability in Flowise Exploited in the Wild
A maximum-severity vulnerability in the open-source **Flowise** platform, tracked as **CVE-2025-59528**, is now being actively exploited. The flaw allows attackers to inject arbitrary JavaScript code, potentially leading to command execution and file system access.

### Active Exploitation of CVE-2025-59528
Hackers are actively exploiting **CVE-2025-59528**, a critical vulnerability affecting **Flowise**, an open-source platform used for building custom Large Language Model (LLM) applications and agentic systems. This vulnerability allows for arbitrary code execution.
The vulnerability, publicly disclosed last September, stems from insufficient security checks on user-supplied input that the platform evaluates as JavaScript. Successful exploitation grants attackers the ability to execute commands and access the file system.
### Vulnerability Details
The issue lies within the **Flowise** CustomMCP node, which accepts configuration settings for connecting to an external Model Context Protocol (MCP) server. The platform unsafely evaluates the user-supplied `mcpServerConfig` input, so JavaScript contained in that field is executed without proper validation.
The vulnerability has a CVSS score of 10, indicating maximum severity.
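To illustrate the bug class described above, the following added example (not Flowise's code) contrasts a config parser that evaluates the `mcpServerConfig` string as JavaScript with one that treats it strictly as data. The config fields (`command`, `args`, `env`, `url`) and the sample inputs are assumptions constructed for this illustration.

```javascript
// Added illustration, not Flowise's code. Field names are an assumed MCP config shape.

// Weak pattern: the config string is handed to the JavaScript engine, so any
// expression embedded in it runs with the server's privileges.
function parseConfigUnsafe(mcpServerConfig) {
  return Function(`"use strict"; return (${mcpServerConfig});`)();
}

const ALLOWED_KEYS = new Set(["command", "args", "env", "url"]);
const isStr = (v) => typeof v === "string";
const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Hardened pattern: JSON.parse never executes code; the result is then checked
// against an allow-list of keys and the expected type of each value.
function parseConfigSafe(mcpServerConfig) {
  let cfg;
  try {
    cfg = JSON.parse(mcpServerConfig);
  } catch (e) {
    throw new Error("mcpServerConfig must be strict JSON");
  }
  if (!isPlainObject(cfg)) throw new Error("mcpServerConfig must be a JSON object");
  for (const key of Object.keys(cfg)) {
    if (!ALLOWED_KEYS.has(key)) throw new Error(`unexpected key: ${key}`);
  }
  if (cfg.command !== undefined && !isStr(cfg.command)) throw new Error("command must be a string");
  if (cfg.url !== undefined && !isStr(cfg.url)) throw new Error("url must be a string");
  if (cfg.args !== undefined && !(Array.isArray(cfg.args) && cfg.args.every(isStr))) {
    throw new Error("args must be an array of strings");
  }
  if (cfg.env !== undefined && !(isPlainObject(cfg.env) && Object.values(cfg.env).every(isStr))) {
    throw new Error("env must map strings to strings");
  }
  if (cfg.command === undefined && cfg.url === undefined) throw new Error("need command or url");
  return cfg;
}

// Constructed sample inputs. The second is a valid JS object literal but not JSON;
// an evaluator runs the embedded expression, a JSON parser rejects it outright.
const GOOD = '{"command": "npx", "args": ["-y", "example-mcp-server"]}';
const CODE_LIKE = '{ command: "npx", args: [String(6 * 7)] }';

function demo() {
  const evaluated = parseConfigUnsafe(CODE_LIKE).args[0]; // "42": the expression ran
  let rejected = false;
  try { parseConfigSafe(CODE_LIKE); } catch (e) { rejected = true; }
  return { evaluated, rejected, safeCommand: parseConfigSafe(GOOD).command };
}
```

The same allow-list approach applies to any node that accepts a free-form configuration string: parse as JSON, validate the shape, and never route the value through `eval`, `Function`, or `vm` helpers.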
### Remediation
The developers addressed the issue in **Flowise** version 3.0.6. The latest version is currently 3.1.1, released two weeks ago. Users are strongly advised to upgrade to version 3.1.1 or at least 3.0.6 as soon as possible.
Consider removing **Flowise** instances from the public internet if external access is not required.
### VulnCheck's Discovery
**Caitlin Condon**, a security researcher at **VulnCheck**, reported the detection of **CVE-2025-59528** exploitation via their Canary network.
> "Early this morning, VulnCheck's Canary network began detecting first-time exploitation of CVE-2025-59528, a CVSS-10 arbitrary JavaScript code injection vulnerability in Flowise, an open-source AI development platform," [Condon warned](https://www.linkedin.com/feed/update/urn:li:activity:7446686314562850817/).
While the activity appears limited and originates from a single **Starlink** IP address, researchers estimate that between 12,000 and 15,000 **Flowise** instances are exposed online.
### Additional Vulnerabilities
**Condon** also noted that activity related to **CVE-2025-59528** occurs alongside exploitation of **CVE-2025-8943** and **CVE-2025-26319**, which also impact **Flowise**.
Currently, **VulnCheck** provides exploit samples, network signatures, and YARA rules only to its customers.