A maximum-severity vulnerability, CVE-2025-59528, in Flowise’s CustomMCP node allows unvalidated JavaScript injection that can lead to arbitrary command execution and filesystem access. VulnCheck’s Canary network has observed exploitation activity originating from a Starlink IP, and users are urged to upgrade to Flowise 3.1.1 (or at least 3.0.6) and remove instances from the public internet if not needed. #CVE-2025-59528 #Flowise #VulnCheck #Starlink
Keypoints
- CVE-2025-59528 is a critical arbitrary JavaScript injection vulnerability in Flowise’s CustomMCP node.
- The flaw lets attacker-supplied mcpServerConfig be evaluated without validation, enabling code execution and filesystem access.
- VulnCheck detected exploitation in the wild coming from a single Starlink IP, though activity is currently limited.
- Between 12,000 and 15,000 Flowise instances are exposed online, but the exact number of vulnerable servers is unclear.
- Flowise patched the issue in version 3.0.6, and users should upgrade to 3.1.1 or remove public exposure immediately.
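The hazard class behind the second key point, shown as an added illustration that is not Flowise's own code: a loader that evaluates the submitted mcpServerConfig string as JavaScript, beside a hardened loader that treats the string as strict JSON and validates its shape and values before anything is spawned. The field names (command, args, env), the command allowlist and the sample inputs are constructed assumptions for the demonstration, not details taken from the advisory.

```javascript
// Added illustration (not Flowise code): evaluating a user-supplied config string
// as JavaScript versus parsing it as data and validating it.
// The config shape {command, args, env} and the allowlist are assumed.

// Vulnerable pattern: the config text is executed as JavaScript, so any
// expression the submitter writes runs inside the server process.
function loadConfigUnsafe(text) {
  // Same hazard as eval(): a JS object literal "just works", which is why
  // authors reach for it instead of a strict parser.
  return new Function(`return (${text});`)();
}

const ALLOWED_KEYS = new Set(["command", "args", "env"]);
// Assumed allowlist of launchers an operator is willing to spawn.
const ALLOWED_COMMANDS = new Set(["npx", "node", "uvx"]);

// Hardened pattern: data, never code. Strict JSON, allowlisted keys,
// allowlisted command, strings-only args and env.
function loadConfigSafe(text) {
  let cfg;
  try {
    cfg = JSON.parse(text);
  } catch {
    throw new Error("config must be strict JSON");
  }
  if (cfg === null || typeof cfg !== "object" || Array.isArray(cfg)) {
    throw new Error("config must be a JSON object");
  }
  // Rejects unknown keys, including "__proto__" style pollution attempts,
  // because JSON.parse creates them as own properties.
  for (const k of Object.keys(cfg)) {
    if (!ALLOWED_KEYS.has(k)) throw new Error(`unexpected key: ${k}`);
  }
  if (typeof cfg.command !== "string" || !ALLOWED_COMMANDS.has(cfg.command)) {
    throw new Error("command not in allowlist");
  }
  const args = cfg.args ?? [];
  if (!Array.isArray(args) || !args.every((a) => typeof a === "string")) {
    throw new Error("args must be an array of strings");
  }
  const env = cfg.env ?? {};
  if (
    env === null || typeof env !== "object" || Array.isArray(env) ||
    !Object.values(env).every((v) => typeof v === "string")
  ) {
    throw new Error("env must map strings to strings");
  }
  return { command: cfg.command, args, env };
}

// Constructed inputs for the demonstration.
const BENIGN = '{"command":"npx","args":["-y","some-mcp-server"]}';
// A JS object literal with an embedded expression: not JSON, but the unsafe
// loader happily evaluates it (marker becomes 42, proving code ran).
const EXPRESSION = '({ command: "npx", args: [], marker: 6 * 7 })';
const BAD_KEY = '{"command":"npx","extra":"x"}';
const BAD_COMMAND = '{"command":"bash"}';

// Runs every sample through both loaders and reports what each accepted.
function demo() {
  const out = { unsafeMarker: loadConfigUnsafe(EXPRESSION).marker, safe: {} };
  for (const [name, text] of Object.entries({ BENIGN, EXPRESSION, BAD_KEY, BAD_COMMAND })) {
    try {
      out.safe[name] = loadConfigSafe(text);
    } catch (e) {
      out.safe[name] = `rejected: ${e.message}`;
    }
  }
  return out;
}
```

The point of the hardened loader is not the particular allowlist but the boundary: configuration arrives as text from a user and is parsed as data, and every field is checked against an expected shape before it influences a process spawn or a file path.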