Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution
Attackers are exploiting a critical Flowise flaw, tracked as CVE-2025-59528 (CVSS score of 10), that lets them run malicious code and access systems due to poor validation of user-supplied JavaScript.

Attackers are actively exploiting a critical vulnerability in Flowise, tracked as CVE-2025-59528, that allows remote code execution and file system access. The flaw stems from improper validation of user-supplied JavaScript in a configuration function, exposing systems to full compromise.
Flowise is an open-source platform that lets users build and manage customized LLM (large language model) workflows and autonomous agents. It provides a drag-and-drop interface to design AI flows, connect models, and integrate external tools or APIs without deep programming knowledge. Essentially, it simplifies creating AI-driven applications and automated processes.
