CVE-2025-59528
BaseFortify

Publication date: 2025-09-22

Last updated on: 2025-09-23

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation. Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs. This issue has been patched in version 3.0.6.
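As an added illustration (not Flowise's own code), the pattern the description reports, a converter that hands the mcpServerConfig string to the Function() constructor, shown next to a hardened replacement that parses strict JSON and allow-lists the keys. The function names, the allowed key set and the sample inputs are constructed assumptions for this example.

```javascript
// Added illustration, NOT Flowise's code: a hypothetical reconstruction
// of the pattern CVE-2025-59528 describes, next to a hardened version.

// Vulnerable pattern: the user-supplied string is handed to Function(),
// so every expression or call inside it runs with Node's full privileges.
function convertToValidJSONStringVulnerable(mcpServerConfig) {
  const obj = Function('"use strict"; return (' + mcpServerConfig + ');')();
  return JSON.stringify(obj);
}

// Hardened replacement: JSON.parse never evaluates code, and the parsed
// value is checked against the shape a server entry is expected to have.
// The allowed key set is an assumption for this example, not Flowise's schema.
const ALLOWED_KEYS = new Set(['command', 'args', 'env', 'url']);

function convertToValidJSONStringSafe(mcpServerConfig) {
  let obj;
  try {
    obj = JSON.parse(mcpServerConfig);
  } catch (err) {
    throw new Error('mcpServerConfig must be strict JSON: ' + err.message);
  }
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    throw new Error('mcpServerConfig must be a JSON object');
  }
  for (const key of Object.keys(obj)) {
    if (!ALLOWED_KEYS.has(key)) throw new Error('unexpected key: ' + key);
  }
  return JSON.stringify(obj);
}

// Constructed sample inputs (not taken from any real exploit).
// The second is a JavaScript object literal, not valid JSON: the comma
// expression runs a harmless side effect when the string is evaluated as code.
globalThis.probeCount = 0;
const STRICT_JSON = '{"command":"npx","args":["-y","example-mcp-server"]}';
const JS_NOT_JSON = '{ command: (globalThis.probeCount++, "npx") }';

// Runs both converters over the non-JSON input and reports what happened.
function runComparison() {
  const result = { vulnerableExecutedCode: false, safeRejected: false };
  convertToValidJSONStringVulnerable(JS_NOT_JSON); // executes the side effect
  result.vulnerableExecutedCode = globalThis.probeCount > 0;
  try {
    convertToValidJSONStringSafe(JS_NOT_JSON);
  } catch (err) {
    result.safeRejected = true; // strict JSON parse fails, nothing executes
  }
  return result;
}
```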
Meta Information
Published: 2025-09-22
Last Modified: 2025-09-23
Generated: 2026-05-07
AI Q&A: 2025-09-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: flowiseai
Product: flowise
Version / Range: 3.0.5
CWE
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-59528 is a critical remote code execution vulnerability in Flowise version 3.0.5. It occurs in the CustomMCP node, which processes user input for MCP server configuration by executing it as JavaScript code without any security validation. Specifically, the user input is passed directly to the JavaScript Function() constructor, allowing arbitrary code execution with full Node.js runtime privileges. This means an attacker can run any code on the server, access sensitive modules like child_process and fs, and perform malicious actions such as creating files or executing commands. The vulnerability is fixed in version 3.0.6. [1]


How can this vulnerability impact me?

This vulnerability can have severe impacts including complete system takeover. An attacker can execute arbitrary commands remotely without any privileges or user interaction, leading to full file system access, manipulation or deletion of data, execution of malicious code, and exfiltration of sensitive information. This poses an extreme risk to business continuity and customer data security. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for suspicious POST requests to the API endpoint `/api/v1/node-load-method/customMCP` containing unusual or malicious payloads in the `mcpServerConfig` parameter. One can check server logs for such requests. Additionally, verifying the presence of unexpected files such as `/tmp/RCE.txt` with contents like "!!RCE-OK!!" can indicate exploitation. Commands to detect signs of exploitation include:

1) Checking for suspicious POST requests in logs: `grep '/api/v1/node-load-method/customMCP' /var/log/access.log`
2) Searching for the proof-of-concept file: `cat /tmp/RCE.txt`
3) Monitoring running processes for unexpected commands spawned by Node.js: `ps aux | grep node` or `lsof -p $(pidof node)`

However, no specific detection commands are provided in the resources. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Flowise from version 3.0.5 to version 3.0.6 or later, where this vulnerability has been patched. Additionally, restricting access to the vulnerable API endpoint `/api/v1/node-load-method/customMCP` by implementing network-level controls or authentication can reduce exposure. Monitoring and blocking suspicious payloads targeting the `mcpServerConfig` parameter is also advisable until the patch is applied. [1]

