Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
Summary
Hackers are actively exploiting a critical vulnerability in the Flowise low-code platform, allowing for arbitrary JavaScript injection into AI workflows. This flaw, tracked as CVE-2025-59528, stems from improper validation of custom MCP node configurations, enabling remote code execution with full Node.js privileges. Thousands of Flowise instances are estimated to be exposed and vulnerable.
IFF Assessment
This is bad news for defenders as it represents a critical vulnerability in a popular AI development platform that is actively being exploited.
Severity
The vulnerability allows for arbitrary JavaScript injection with full Node.js runtime privileges, which can lead to complete system compromise. The attack vector is remote and easily exploitable, making it a critical threat.
Defender Context
Defenders should prioritize patching Flowise instances to version 3.0.6 or later to mitigate this critical code injection vulnerability. Monitoring for unusual JavaScript execution or unexpected network activity within AI workflows can also help detect ongoing exploitation of unpatched systems.