Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
好的，我现在要帮用户总结这篇文章的内容，控制在100字以内。首先，我需要通读整篇文章，抓住主要信息。文章讲的是Flowise这个开源AI平台被发现了一个最高级别的安全漏洞，CVE-2025-59528，CVSS评分10.0。这个漏洞是代码注入漏洞，可能导致远程代码执行。具体来说，CustomMCP节点允许用户输入配置连接外部MCP服务器，但没有安全验证就执行JavaScript代码。攻击者可以利用这个漏洞执行任意代码，导致系统完全被控制、文件系统访问、命令执行和敏感数据泄露。此外，文章提到已经有攻击活动利用了这个漏洞，并且这是Flowise平台的第三个被实际利用的漏洞。VulnCheck的研究人员指出，这个漏洞已经公开超过六个月，但仍有大量暴露的实例容易被攻击。接下来，我需要将这些信息浓缩到100字以内。重点包括：漏洞名称、CVSS评分、影响（远程代码执行）、攻击者的能力（文件访问、命令执行、数据泄露）、已有攻击活动以及漏洞的严重性。现在组织语言：Flowise平台发现高危漏洞CVE-2025-59528（CVSS 10.0），允许远程代码执行。攻击者可获取文件系统和命令执行权限，并窃取敏感数据。已有攻击活动利用此漏洞，该平台已修复。检查字数：大约在90字左右，符合要求。 </think> Flowise平台发现高危漏洞CVE-2025-59528（CVSS 10.0），允许远程代码执行。攻击者可获取文件系统和命令执行权限，并窃取敏感数据。已有攻击活动利用此漏洞，该平台已修复。 2026-4-7 05:56:0 Author: thehackernews.com(查看原文) 阅读量:10 收藏

Artificial Intelligence / Vulnerability

Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck.

The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution.

"The CustomMCP node allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server," Flowise said in an advisory released in September 2025. "This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation."

Flowise noted that successful exploitation of the vulnerability can allow access to dangerous modules such as child_process (command execution) and fs (file system), as it runs with full Node.js runtime privileges.

Put differently, a threat actor who weaponizes the flaw can execute arbitrary JavaScript code on the Flowise server, leading to full system compromise, file system access, command execution, and sensitive data exfiltration.

"As only an API token is required, this poses an extreme security risk to business continuity and customer data," Flowise added. It credited Kim SooHyun with discovering and reporting the flaw. The issue was addressed in version 3.0.6 of the npm package.

According to details shared by VulnCheck, exploitation activity against the vulnerability has originated from a single Starlink IP address. CVE-2025-59528 is the third Flowise flaw with in-the-wild exploitation after CVE-2025-8943 (CVSS score: 9.8), an operating system command remote code execution, and CVE-2025-26319 (CVSS score: 8.9), an arbitrary file upload.

"This is a critical-severity bug in a popular AI platform used by a number of large corporations," Caitlin Condon, vice president of security research at VulnCheck, told The Hacker News in a statement.

"This specific vulnerability has been public for more than six months, which means defenders have had time to prioritize and patch the vulnerability. The internet-facing attack surface area of 12,000+ exposed instances makes the active scanning and exploitation attempts we're seeing more serious, as it means attackers have plenty of targets to opportunistically reconnoiter and exploit."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2026/04/flowise-ai-agent-builder-under-active.html
如有侵权请联系:admin#unsafe.sh