Back to Intelligence

CVE-2025-59528: Flowise RCE Under Active Exploitation — Detection and Hardening

SA
Security Arsenal Team
April 8, 2026
5 min read

Introduction

A critical security flaw in the Flowise platform, an open-source tool widely used for building custom Large Language Model (LLM) applications, is now being actively exploited in the wild. Tracked as CVE-2025-59528, this vulnerability allows unauthenticated attackers to execute arbitrary code remotely on systems hosting vulnerable instances. Given the rapid adoption of LLM orchestration tools in enterprise environments, this represents a significant immediate risk to data integrity and infrastructure security. Defenders must assume that exposed Flowise instances are currently being targeted and must act immediately to identify and remediate the threat.

Technical Analysis

  • Affected Product: Flowise (LLM app builder and agentic system framework).
  • CVE Identifier: CVE-2025-59528.
  • Severity: Critical (Max Severity / CVSS 10.0).
  • Vulnerability Type: Remote Code Execution (RCE).
  • Affected Components: The vulnerability stems from insufficient validation in the web API endpoints handling user inputs or file uploads, allowing the injection of malicious payloads.
  • Attack Chain: An attacker sends a crafted HTTP request to a vulnerable Flowise instance. Due to the lack of sanitization, the application processes this input in a way that allows the attacker to break out of the application logic and execute system-level commands within the context of the Node.js process.
  • Exploitation Status: Confirmed Active Exploitation. Security reports indicate that threat actors are actively scanning for and exploiting this vulnerability to deploy web shells or crypto-miners.

Detection & Response

SIGMA Rules

YAML
---
title: Flowise CVE-2025-59528 - Suspicious Child Process Spawn
id: 8a4b2c1d-9e0f-4a5b-8c2d-1e4f5a6b7c8d
status: experimental
description: Detects suspicious shell processes spawned by the Flowise (Node.js) parent process, indicative of RCE exploitation.
references:
  - https://bleepingcomputer.com/news/security/max-severity-flowise-rce-vulnerability-now-exploited-in-attacks/
author: Security Arsenal
date: 2025/01/15
tags:
  - attack.execution
  - attack.t1059
  - cve.2025.59528
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    ParentImage|contains: 'node'
    ParentImage|contains: 'flowise'
    Image|endswith:
      - '\cmd.exe'
      - '\powershell.exe'
      - '\pwsh.exe'
  condition: selection
falsepositives:
  - Legitimate administrative debugging (rare)
level: critical
---
title: Flowise Linux - Shell Spawn via Node Process
id: 9c5d3e2f-1a2b-3c4d-5e6f-7a8b9c0d1e2f
status: experimental
description: Detects shell spawning by Node.js processes on Linux, potentially indicating Flowise exploitation.
references:
  - https://bleepingcomputer.com/news/security/max-severity-flowise-rce-vulnerability-now-exploited-in-attacks/
author: Security Arsenal
date: 2025/01/15
tags:
  - attack.execution
  - attack.t1059
  - cve.2025.59528
logsource:
  category: process_creation
  product: linux
detection:
  selection:
    ParentImage|endswith: '/node'
    ParentImage|contains: 'flowise'
    Image|endswith:
      - '/bash'
      - '/sh'
      - '/zsh'
  condition: selection
falsepositives:
  - Legitimate administrative debugging
level: critical

KQL (Microsoft Sentinel / Defender)

KQL — Microsoft Sentinel / Defender
// Hunt for suspicious child processes of Flowise Node.js instances
DeviceProcessEvents
| where InitiatingProcessFileName =~ "node.exe" or InitiatingProcessFileName =~ "node"
| where InitiatingProcessFolderPath contains "flowise"
| where FileName in~ ("powershell.exe", "cmd.exe", "pwsh.exe", "bash", "sh", "zsh", "curl", "wget")
| project Timestamp, DeviceName, InitiatingProcessCommandLine, CommandLine, FileName, FolderPath, AccountName
| order by Timestamp desc

Velociraptor VQL

VQL — Velociraptor
-- Hunt for Flowise processes spawning shells on Linux/Unix endpoints
SELECT Pid, Name, CommandLine, Exe, Username, CreateTime,
       Parent.Pid AS ParentPid, Parent.Name AS ParentName, Parent.CommandLine AS ParentCmd
FROM pslist()
WHERE Parent.Name =~ "node"
  AND Parent.CommandLine =~ "flowise"
  AND Name IN ("bash", "sh", "zsh", "dash", "python", "perl")

Remediation Script (Bash)

Bash / Shell
#!/bin/bash
# Flowise CVE-2025-59528 Emergency Remediation Script
# Use this script to identify running Flowise instances and verify/update the version.

echo "[+] Checking for running Flowise processes..."
FLOWISE_PIDS=$(pgrep -f "flowise")

if [ -z "$FLOWISE_PIDS" ]; then
    echo "[-] No Flowise processes detected."
else
    echo "[!] Flowise is running. PIDs: $FLOWISE_PIDS"
    echo "[!] Recommendation: Stop the service immediately to patch."
    # Uncomment to kill process (CAUTION)
    # pkill -f "flowise"
fi

echo "[+] Checking for Flowise installation via NPM..."
if command -v npm &> /dev/null; then
    npm list -g flowise 2>/dev/null || echo "Flowise not found globally."
fi

echo "[+] Checking Docker containers for Flowise..."
if command -v docker &> /dev/null; then
    docker ps --filter "ancestor=flowiseai/flowise" --format "table {{.ID}}\t{{.Image}}\t{{.Status}}"
    echo "Action: Pull the latest image: docker pull flowiseai/flowise:latest"
    echo "Action: Recreate containers with the new image."
fi

echo "[+] Remediation Steps:"
echo "1. Update Flowise to the latest patched version immediately."
echo "2. Restrict access to the Flowise UI (port 3000) via IP whitelisting or VPN."
echo "3. Review logs for unusual shell activity or file modifications."

Remediation

  1. Immediate Patching: Update Flowise to the latest version immediately. Check the official Flowise GitHub repository for the specific patched release addressing CVE-2025-59528. If you are using Docker, pull the latest tag or a specific patched digest and rebuild your containers.
  2. Network Segmentation: Flowise instances should never be exposed directly to the public internet without strict access controls. Place the application behind a Web Application Firewall (WAF) or an authentication proxy (e.g., OAuth2, OIDC). Restrict access to the management port (default 3000) to known internal IP addresses or VPN subnets.
  3. Compromise Assessment: If your instance was exposed and unpatched during the active exploitation window, assume compromise. Hunt for the following indicators:
    • Unexpected user accounts or cron jobs on the host.
    • Presence of node processes spawning bash/sh or powershell.
    • Outbound network connections to unknown IPs (C2 beacons).
  4. Audit Configuration: Review all deployed LLM flows and API keys. An attacker with RCE capabilities may have scraped API keys for OpenAI, Anthropic, or other providers configured within the platform. Rotate all credentials immediately.

Related Resources

Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub

vulnerabilitycvepatchzero-dayflowisecve-2025-59528rcellm-security

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.

Book a SOC AssessmentSee AlertMonitor in Action