Code Red for AI: CVSS-10 Vulnerability in Flowise Under Active Attack from Starlink IP
A vulnerability rated at the maximum severity is already being exploited in the wild, even though the patch for it was issued only recently. The flaw affects Flowise, a widely used platform for building AI-driven applications.
VulnCheck's monitoring recorded the first attempts to exploit CVE-2025-59528 on the morning of April 8. The flaw, scored a perfect 10 out of 10 on the CVSS severity scale, allows injection of arbitrary JavaScript code that is then executed on the server side.
The defect lies in the handling logic of the CustomMCP server and affects several Flowise versions. A successful attack lets an adversary run unauthorized code and effectively take control of the host system.
So far, the observed malicious activity comes from a single IP address belonging to the Starlink satellite internet network. With roughly 12,000 to 15,000 Flowise installations exposed to the public internet, however, the potential for a large-scale incident is considerable.
The developers fixed the vulnerability in Flowise 3.0.6, but many users have not yet applied the update, so the risk of compromise remains high.
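The only fact a defender needs from this article for triage is the fixed release: anything below 3.0.6 is still exposed to CVE-2025-59528. The script below is an added example, not Flowise project code or anything from VulnCheck: it parses plain semver version strings (assumed to match the version Flowise publishes in its package.json), compares each against 3.0.6, and orders a constructed host inventory so that vulnerable, internet-facing instances surface first. The hostnames and version strings in the inventory are constructed sample data.

```python
"""Triage a Flowise host inventory against the CVE-2025-59528 fixed release.

Added example for this article, not Flowise project code. The fixed version
(3.0.6) is taken from the article; the inventory below is constructed sample
data, and version strings are assumed to be plain semver ("3.0.6" or "v3.0.6").
"""
import re
from typing import Dict, List, Tuple

# First release carrying the fix, per the article.
FIXED_VERSION = "3.0.6"

# Accept an optional leading "v" and ignore any pre-release/build suffix.
SEMVER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")

# Lower number = higher remediation priority.
PRIORITY = {"patch-now": 0, "patch": 1, "unknown": 2, "ok": 3}

# Constructed sample inventory: hostnames and versions are illustrative only.
INVENTORY: List[Dict] = [
    {"host": "flowise-prod.example.internal", "version": "3.0.4", "exposed": True},
    {"host": "flowise-dev.example.internal", "version": "3.0.6", "exposed": False},
    {"host": "flowise-lab.example.internal", "version": "v2.9.1", "exposed": False},
    {"host": "flowise-old.example.internal", "version": "unknown", "exposed": True},
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) for a semver string; ValueError if malformed."""
    match = SEMVER_RE.match(text.strip())
    if not match:
        raise ValueError(f"not a semver string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """True when the version predates the fixed release (tuple comparison)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def classify(entry: Dict) -> str:
    """Map one inventory entry to a remediation status.

    patch-now : vulnerable and reachable from the internet
    patch     : vulnerable, internal only
    unknown   : version could not be parsed; verify by hand
    ok        : at or above the fixed release
    """
    try:
        vulnerable = is_vulnerable(entry["version"])
    except ValueError:
        return "unknown"
    if not vulnerable:
        return "ok"
    return "patch-now" if entry.get("exposed") else "patch"


def triage(inventory: List[Dict]) -> List[Tuple[str, str]]:
    """Return (host, status) pairs ordered by remediation priority."""
    rows = [(entry["host"], classify(entry)) for entry in inventory]
    rows.sort(key=lambda row: (PRIORITY[row[1]], row[0]))
    return rows


if __name__ == "__main__":
    for host, status in triage(INVENTORY):
        print(f"{status:10s} {host}")
```

Unparseable versions are deliberately reported as `unknown` rather than silently treated as patched, because an instance whose version cannot be read is one that has not been verified. Extending the inventory with the other two CVEs mentioned in the article would need their respective fixed versions, which this article does not give.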
Beyond this new threat, two other known vulnerabilities, CVE-2025-8943 and CVE-2025-26319, are also being actively exploited. VulnCheck had already cataloged both as under active exploitation, and monitoring systems continue to detect persistent attempts to use them.