DVIUS Intelligence Summary: Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000 Instances Exposed - Analysis from Thehackernews.
Threat actors are exploiting a maximum-severity security flaw in Flowise, an
open-source artificial intelligence (AI) platform, according to new findings
from VulnCheck.
The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code
injection vulnerability that could result in remote code execution.
"The CustomMCP node allows users to input configuration settings for connecting
DVIUS AI Assessment: This incident highlights the ongoing evolution of cyber threats. Organizations should prioritize patch management, employee awareness training, and multi-factor authentication to mitigate similar risks. For full details, refer to the original source.