5 matches found
Exploit for Code Injection in Flowiseai Flowise
CVE-2025-59528.yaml Flowise is a drag & drop user interface to...
CVE-2025-59528 Flowise has Remote Code Execution vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided...
CVE-2025-59528
Flowise 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig string is parsed and passed to the Function() constructor via convertToValidJSONString without validation, allowing an attacker to execute arbitrary JavaScript with Node.js privileges (e.g., ac...
Flowise has Remote Code Execution vulnerability
Description Cause of the Vulnerability The CustomMCP node allows users to input configuration settings for connecting to an external MCP Model Context Protocol server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it...
PT-2025-39075
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description A remote code execution issue exists in the CustomMCP node, which allows users to input configuration settings for connecting to an external Model Context Protocol MCP server. The node parses the...