CVE-2025-59528: 
Flowise vulnerability analysis and mitigation

CVE-2025-59528 affects Flowise, a drag & drop user interface for building customized large language model flows. The vulnerability was discovered in version 3.0.5 and disclosed on September 22, 2025. The issue allows remote code execution through the CustomMCP node when processing user-provided configuration settings for external MCP server connections (CISA Bulletin, GitHub Advisory).

The vulnerability stems from improper validation of user input in the CustomMCP node's convertToValidJSONString function. User-provided mcpServerConfig strings are directly passed to the Function() constructor and executed with full Node.js runtime privileges, allowing access to dangerous modules like child_process and fs. The vulnerability has been assigned a CVSS v3.1 base score of 10.0 (Critical) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating network accessibility with no required privileges or user interaction (GitHub Advisory).

The vulnerability allows attackers to execute arbitrary JavaScript code on the Flowise server, potentially leading to complete system compromise, unauthorized file system access, arbitrary command execution, and sensitive data exfiltration. Since only an API token is required, this poses an extreme security risk to business continuity and customer data (GitHub Advisory).

The vulnerability has been patched in Flowise version 3.0.6. Users are strongly advised to upgrade to this version to protect against potential exploitation (GitHub Advisory, Flowise Release).