A critical remote code execution vulnerability tracked as CVE-2025-59528 is being actively exploited in attacks against Flowise, an open-source platform used for building custom large language model applications and agentic systems. The vulnerability carries a maximum severity rating, indicating its potential for significant impact.
The flaw allows attackers to execute arbitrary code remotely on vulnerable Flowise installations. Security researchers have confirmed that threat actors are already exploiting it in active campaigns, making it an immediate concern for organizations using the platform.