CVE-2025-59528 – Flowise
CVSS 10
CRITICAL
“When an AI workflow tool is exposed, attackers can turn automation into execution.”
Flowise addressed CVE-2025-59528, a critical vulnerability that allows remote code execution through improper handling of user-supplied input within its workflow engine. The issue can be exploited to execute arbitrary code on the host system, potentially leading to full system compromise and unauthorized access to connected data sources and services.
CVE-2025-59528 has a CVSS score of 10.0 (Critical severity). Verified proof-of-concept code exists, increasing the likelihood of exploitation. The patch corrects input validation and execution controls within the workflow processing logic, preventing unauthorized code execution.
Key Details
- Affected Product: Flowiseai Flowise
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-94