好的,我现在需要帮用户总结这篇文章的内容,控制在100字以内。首先,我得仔细阅读文章,抓住主要信息。 文章讲的是Flowise平台被黑客攻击,利用了一个最高级别的漏洞CVE-2025-59528。这个漏洞允许注入JavaScript代码,导致任意代码执行和文件系统访问。问题出在CustomMCP节点的配置设置上,没有安全检查。 开发者已经修复了这个问题,在3.0.6版本中解决了,并且现在最新版本是3.1.1。VulnCheck的研究人员检测到了这个漏洞的利用活动,虽然目前活动有限,但有大量Flowise实例暴露在线上。 用户建议升级到最新版本,并考虑将实例从公网移除。 接下来,我需要把这些信息浓缩到100字以内。要突出漏洞的严重性、影响、修复措施以及建议行动。 可能的结构:漏洞名称、影响、问题所在、修复版本、检测情况、建议措施。 最后,确保语言简洁明了,不使用复杂的术语。 </think> 开源AI开发平台Flowise被发现存在最高级别漏洞CVE-2025-59528,允许黑客通过注入JavaScript代码执行任意命令和访问文件系统。该漏洞源于CustomMCP节点对用户输入的不安全评估。开发者已在3.0.6版本中修复问题,建议用户尽快升级至3.1.1版本,并移除不必要的公网访问。 2026-4-7 17:15:25 Author: www.bleepingcomputer.com(查看原文) 阅读量:3 收藏
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code.
The flaw allows injecting JavaScript code without any security checks and was publicly disclosed last September, with the warning that successful exploitation leads to command execution and file system access.
The problem is with the Flowise CustomMCP node allowing configuration settings to connect to an external Model Context Protocol (MCP) server and unsafely evaluating the mcpServerConfig input from the user. During this process, it can execute JavaScript without first validating its safety.
The developer addressed the issue in Flowise version 3.0.6. The latest current version is 3.1.1, released two weeks ago.
Flowise is an open-source, low-code platform for building AI agents and LLM-based workflows. It provides a drag-and-drop interface that lets users connect components into pipelines powering chatbots, automation, and AI systems.
It is used by a broad range of users, including developers working in AI prototyping, non-technical users working with no-code toolsets, and companies that operate customer support chatbots and knowledge-based assistants.
Caitlin Condon, security researcher at vulnerability intelligence company VulnCheck, announced on LinkedIn that exploitation of CVE-2025-59528 has been detected by their Canary network.
“Early this morning, VulnCheck's Canary network began detecting first-time exploitation of CVE-2025-59528, a CVSS-10 arbitrary JavaScript code injection vulnerability in Flowise, an open-source AI development platform,” Condon warned.
Although the activity appears limited at this time, originating from a single Starlink IP, the researchers warned that there are between 12,000 and 15,000 Flowise instances exposed online right now.
However, it is unclear what percentage of those are vulnerable Flowise servers.
Condon notes that the observed activity related to CVE-2025-59528 occurs in addition to CVE-2025-8943 and CVE-2025-26319, which also impact Flowise and for which active exploitation in the wild has been observed.
Currently, VulnCheck provides exploit samples, network signatures, and YARA rules only to its customers.
Users of Flowise are recommended to upgrade to version 3.1.1 or at least 3.0.6 as soon as possible. They should also consider removing their instances from the public internet if external access is not needed.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
如有侵权请联系:admin#unsafe.sh