Flowise AI instances face active exploitation of critical remote code execution vulnerability

thehackernews.com

Threat actors are actively exploiting a critical Flowise AI vulnerability, CVE-2025-59528, allowing remote code execution and full system compromise. This maximum-severity flaw, with a CVSS score of 10.0, affects over 12,000 exposed Flowise instances and has been exploited for more than six months. The vulnerability enables attackers to execute arbitrary JavaScript code, access sensitive data, and compromise systems, posing a significant risk to businesses.


With a significance score of 3.3, this news ranks in the top 8.2% of today's 29593 analyzed articles.

Get summaries of news with significance over 5.5 (usually ~10 stories per week). Read by 10,000+ subscribers:


Flowise AI instances face active exploitation of critical remote code execution vulnerability | News Minimalist