Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Why it matters: Over 12,000 exposed Flowise AI instances are vulnerable to a remote code execution flaw that is under active exploitation.
- Threat actors are currently exploiting a maximum-severity security flaw in Flowise, an open-source AI platform.
- VulnCheck identified the vulnerability as CVE-2025-59528, a code injection flaw with a CVSS score of 10.0.
- Over 12,000 instances of Flowise are exposed to this remote code execution vulnerability.

Threat actors are actively exploiting a critical code injection vulnerability, CVE-2025-59528 (CVSS 10.0), in the open-source Flowise AI platform, as reported by VulnCheck. This flaw allows for remote code execution, leaving over 12,000 Flowise instances exposed to potential compromise.



