PT-2025-39075 · Flowise · Flowise

Published: 2025-09-15 · Updated: 2026-04-07 · CVE-2025-59528

CVSS v3.1: 10 (Critical), vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Flowise version 3.0.5

Description: Flowise is a drag-and-drop user interface for building customized large language model flows. Version 3.0.5 is vulnerable to remote code execution because of unsafe JavaScript evaluation in the CustomMCP node. The node parses the user-supplied mcpServerConfig string without adequate security validation and executes it with the Function() constructor. This lets an attacker run arbitrary code with the full privileges of the Node.js runtime, potentially including access to dangerous modules such as child_process and fs. The vulnerability is reached through the /api/v1/node-load-method/customMCP API endpoint, specifically via the mcpServerConfig parameter. Recent reports indicate first-time exploitation of this vulnerability, with an estimated 12,000 to 15,000 instances online potentially affected. A proof of concept demonstrates the ability to execute commands on the server by injecting malicious code into the mcpServerConfig parameter.

Recommendations: Update to version 3.0.6 or later.
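The pattern the description names, evaluating a user-supplied configuration string with the Function() constructor, placed next to a hardened parser that treats the same string strictly as JSON data. This is an added illustration, not Flowise's code and not the 3.0.6 patch; the function names, the key allowlist and the sample inputs are hypothetical.

```javascript
// Unsafe pattern: whatever the string contains runs as JavaScript with the
// server's Node.js privileges. Hypothetical function, not Flowise's code.
function parseConfigUnsafe(mcpServerConfig) {
  return new Function(`return (${mcpServerConfig});`)();
}

// Hardened form: JSON.parse never executes code, and the parsed object is
// checked against an allowlist of keys and types before it is used.
function parseConfigSafe(mcpServerConfig) {
  if (typeof mcpServerConfig !== "string" || mcpServerConfig.length > 64 * 1024) {
    throw new Error("mcpServerConfig must be a string of reasonable size");
  }
  let parsed;
  try {
    parsed = JSON.parse(mcpServerConfig);
  } catch {
    throw new Error("mcpServerConfig must be valid JSON");
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    throw new Error("mcpServerConfig must be a JSON object");
  }
  // Hypothetical schema for an MCP server entry; unknown keys are rejected.
  const schema = { command: "string", url: "string", args: "array", env: "object" };
  for (const [key, value] of Object.entries(parsed)) {
    const want = schema[key];
    if (!want) throw new Error(`unexpected key: ${key}`);
    const got = value === null ? "null" : Array.isArray(value) ? "array" : typeof value;
    if (got !== want) throw new Error(`${key} must be ${want}`);
  }
  if (parsed.args && !parsed.args.every((a) => typeof a === "string")) {
    throw new Error("args must be an array of strings");
  }
  return parsed;
}

// Constructed inputs: a benign JSON config, and a config string that carries
// code. The code only sets a flag, enough to show that it ran at all.
const BENIGN = '{"command": "node", "args": ["server.js"]}';
const WITH_CODE = '(globalThis.__ranUserCode = true, {"command": "node"})';

// Feeds both inputs to both parsers and reports what happened.
function compareParsers() {
  globalThis.__ranUserCode = false;
  parseConfigUnsafe(WITH_CODE);
  const unsafeExecuted = globalThis.__ranUserCode === true;
  let safeRejected = false;
  try { parseConfigSafe(WITH_CODE); } catch { safeRejected = true; }
  const safeAcceptsBenign = parseConfigSafe(BENIGN).command === "node";
  return { unsafeExecuted, safeRejected, safeAcceptsBenign };
}
```

Running compareParsers() shows the unsafe parser executing the embedded statement while the hardened parser rejects the same string and still accepts the benign config.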

Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2026-03235
CVE-2025-59528
GHSA-3GCM-F6QX-FF7P

Affected Products

Flowise