What is CVE-2025-59528 in Flowise?

It's an RCE flaw where unvalidated JS in MCP configs executes with Node privileges, affecting versions up to 3.0.5.

Are there exploits for Flowise vulnerability in the wild?

Yes, VulnCheck confirmed active scanning and attempts on exposed instances.

Update to 3.0.6+, remove public access, sanitize all user inputs.

Imagine your company's AI agent turning into a hacker's backdoor overnight. That's the stark reality for thousands of Flowise users right now.

Threat Digest Apr 07, 2026 4 min read

Hackers are actively targeting 12K-15K exposed Flowise servers via CVE-2025-59528 RCE. 𝕏
Only an API token needed—patch to 3.0.6 immediately if vulnerable. 𝕏
Echoes Log4Shell: AI no-code tools prioritize speed over security, risking business data. 𝕏

Published by

Threat intelligence. Zero noise.

#AI platform exploit #AI platform security #AI security #CVE-2025-59528 #Flowise vulnerability #RCE exploit #remote code execution

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by SecurityWeek