CVE-2025-59528: 
Flowise vulnerability analysis and mitigation

CVE-2025-59528 is a critical remote code execution (RCE) vulnerability discovered in Flowise version 3.0.5. The vulnerability exists in the CustomMCP node component which allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server. The issue was disclosed and patched in September 2025 with the release of version 3.0.6 (Flowise Release).

The vulnerability stems from improper control of code generation (CWE-94) in the CustomMCP node's handling of user-provided mcpServerConfig strings. The convertToValidJSONString function executes user input directly through the Function() constructor without validation, allowing arbitrary JavaScript code execution with full Node.js runtime privileges. The vulnerability flow begins at the API endpoint /api/v1/node-load-method/customMCP and progresses through multiple components before reaching the dangerous code execution point (Security Advisory).

The vulnerability allows attackers to execute arbitrary JavaScript code on the Flowise server with only an API token required. This can lead to complete system compromise, including full file system access, command execution capabilities, and potential sensitive data exfiltration. The CVSS v3.1 base score is 10.0 (Critical), with attack vector: Network, attack complexity: Low, privileges required: None, user interaction: None, scope: Changed, and maximum impact on confidentiality, integrity, and availability (Security Advisory).

The vulnerability has been patched in Flowise version 3.0.6. Users are strongly advised to upgrade to this version or later to protect against this security risk. The fix was released as part of a larger update that included multiple security improvements and bug fixes (Flowise Release).