{"data":{"id":"29f99780-0b9b-45fe-9ae6-ddd3c9b7e6c0","title":"Max severity Flowise RCE vulnerability now exploited in attacks","summary":"Hackers are actively exploiting CVE-2025-59528, a critical vulnerability in Flowise (an open-source platform for building AI agents and custom LLM applications) that allows arbitrary JavaScript code injection without validation through the CustomMCP node. The flaw was publicly disclosed in September, affects thousands of exposed instances online, and enables attackers to execute commands and access files on vulnerable systems.","solution":"Upgrade to Flowise version 3.1.1 or at least version 3.0.6 as soon as possible. Additionally, consider removing Flowise instances from the public internet if external access is not required.","labels":["security"],"sourceUrl":"https://www.bleepingcomputer.com/news/security/max-severity-flowise-rce-vulnerability-now-exploited-in-attacks/","publishedAt":"2026-04-07T17:02:05.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-07T17:02:05.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}