Flowise RCE Vulnerability (CVE-2025-59528) Actively Exploited in April 2026
Date: 2026-04-08
Tags: malware, supply-chain
Executive Summary
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in Flowise, an open-source platform for building custom LLM apps and agentic systems, to execute arbitrary code. The vulnerability affects a widely deployed LLM application framework used by developers and enterprises to build AI-powered workflows. Active exploitation was confirmed on April 7, 2026.
Campaign Summary
| Field | Detail |
|---|---|
| Campaign / Malware | Flowise CVE-2025-59528 Active Exploitation |
| Attribution | Unknown/Multiple Threat Actors (confidence: low) |
| Target | Organizations and developers using Flowise LLM application platform; AI development teams |
| Vector | Network-based RCE via unpatched Flowise instances; likely automated scanning and exploitation |
| Status | active |
| First Observed | 2026-04-07 |
Detailed Findings
Flowise is an open-source, low-code platform for building LLM applications and agentic AI workflows. The critical remote code execution vulnerability CVE-2025-59528 allows unauthenticated attackers to execute arbitrary code on vulnerable deployments. Given Flowise's position in the AI development supply chain—used by teams building custom LLM agents, RAG systems, and AI automation workflows—successful exploitation grants attackers direct access to development environments, training data pipelines, and connected AI services. The active exploitation reported on April 7, 2026 indicates that threat actors are systematically targeting this common development tool. Flowise instances often run with elevated privileges in development environments and hold sensitive API keys (OpenAI, Anthropic, HuggingFace, etc.), making a successful compromise highly valuable for credential theft and lateral movement.
MITRE ATT&CK Mapping
| Technique | ID | Context |
|---|---|---|
| Exploit Public-Facing Application | T1190 | CVE-2025-59528 in Flowise allows remote code execution without authentication |
| Supply Chain Compromise | T1195 | Flowise platforms often integrate with multiple upstream AI service providers and model repositories |
IOCs
Domains / Full URL Paths
_CVE-2025-59528 assigned; specific version ranges and patch status available via NVD and Flowise security advisories_
Splunk Format
_No IOCs available for Splunk query_
Package Indicators
flowise (vulnerable versions affected by CVE-2025-59528)
Detection Recommendations
Organizations deploying Flowise should:
1. Patch immediately to the latest Flowise release that addresses CVE-2025-59528.
2. Scan internal networks for exposed Flowise instances using tools such as Shodan, Censys, or internal asset inventories.
3. Monitor application logs for suspicious POST/GET requests to known RCE endpoints.
4. Implement network segmentation to isolate Flowise development/deployment infrastructure from production systems.
5. Monitor outbound connections from Flowise processes for indicators of data exfiltration or command-and-control communication.
6. Rotate all API keys and credentials reachable from compromised Flowise instances (OpenAI, Anthropic, HuggingFace, cloud provider credentials).
7. Audit Flowise deployment permissions and restrict the service to least-privilege service accounts.
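Recommendations (2) and (3) above call for spotting automated scanning and successful probes in Flowise request logs. The following triage script is an added example, not Flowise project code: it assumes a reverse proxy in front of Flowise writing combined-format access logs, treats 10.0.0.0/8 as the trusted internal network, and, because the page does not name the CVE-2025-59528 endpoint, uses a hypothetical `WATCHED_PREFIXES` placeholder that should be replaced with the paths from the Flowise advisory.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
# Placeholder: the page does not name the CVE-2025-59528 endpoint; substitute advisory paths.
WATCHED_PREFIXES = ("/api/v1/",)
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: internal dev network
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, timestamp, method, path, status) for a combined-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def triage(lines, burst_window_s=60, burst_threshold=4):
    """Map source IP -> reasons, for sources that look like scanners or successful probes."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        by_ip[rec[0]].append(rec)
    findings = {}
    for ip, recs in by_ip.items():
        reasons = []
        external = not any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)
        # (a) an external source received 2xx on a POST to a watched path: probable exploitation
        if external and any(r[2] == "POST" and r[3].startswith(WATCHED_PREFIXES)
                            and 200 <= r[4] < 300 for r in recs):
            reasons.append("external POST to watched path succeeded")
        # (b) many distinct paths hit within a short window: automated scanning
        recs.sort(key=lambda r: r[1])
        for i, first in enumerate(recs):
            window = [r for r in recs[i:] if (r[1] - first[1]).total_seconds() <= burst_window_s]
            if len({r[3] for r in window}) >= burst_threshold:
                reasons.append(f"{len(window)} requests to distinct paths within {burst_window_s}s")
                break
        if reasons:
            findings[ip] = reasons
    return findings

SAMPLE_LOG = [  # constructed sample lines (not real traffic); 198.51.100.7 plays the scanner
    '198.51.100.7 - - [07/Apr/2026:10:00:01 +0000] "GET /api/v1/sample-a HTTP/1.1" 404 12',
    '198.51.100.7 - - [07/Apr/2026:10:00:02 +0000] "GET /api/v1/sample-b HTTP/1.1" 401 45',
    '198.51.100.7 - - [07/Apr/2026:10:00:03 +0000] "POST /api/v1/sample-c HTTP/1.1" 404 30',
    '198.51.100.7 - - [07/Apr/2026:10:00:05 +0000] "POST /api/v1/sample-d HTTP/1.1" 200 512',
    '10.20.0.4 - - [07/Apr/2026:10:05:00 +0000] "GET / HTTP/1.1" 200 8800',
    '10.20.0.4 - - [07/Apr/2026:10:05:03 +0000] "POST /api/v1/sample-b HTTP/1.1" 200 300',
]
```

Running `triage(SAMPLE_LOG)` flags only 198.51.100.7, with both a burst finding and a successful external POST; the internal host's two normal requests produce no finding.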
References
- [BleepingComputer] Max severity Flowise RCE vulnerability now exploited in attacks (2026-04-07) — https://www.bleepingcomputer.com/news/security/max-severity-flowise-rce-vulnerability-now-exploited-in-attacks/