Wednesday, April 8, 2026

Hackers Target Critical Flowise Vulnerability Impacting Thousands of AI Workflows

Hackers are actively exploiting unpatched instances of Flowise, with the first in-the-wild attack reported on April 6, 2025. Caitlin Condon, VP of Security Research at VulnCheck, highlighted this critical security issue through a LinkedIn post, noting the detection of CVE-2025-59528, an arbitrary JavaScript code injection vulnerability. At that time, approximately 12,000 to 15,000 instances were still exposed, though the number of vulnerable Flowise versions is unknown. Condon also identified two additional vulnerabilities: CVE-2025-8943 (missing authentication) and CVE-2025-26319 (arbitrary file upload), both of which are subject to ongoing active exploitation. VulnCheck’s Canary network provided exclusive exploitation details to its clients, including full payloads and network signatures, while Initial Access Intelligence customers received further resources such as PCAP data and Docker container targets. Staying updated and patching vulnerabilities promptly is crucial for users of Flowise.
