10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-59528

GHSA ID

GHSA-3gcm-f6qx-ff7p

EPSS Score

CWE

CWE-94

Published

9/15/2025

Updated

9/22/2025

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-59528

CVE-2025-59528: Flowise has Remote Code Execution vulnerability

Description

Cause of the Vulnerability

The CustomMCP node allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server. This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation.

Specifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which evaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous modules such as child_process and fs.

Vulnerability Flow

User Input Received: Input is provided via the API endpoint /api/v1/node-load-method/customMCP through the mcpServerConfig parameter.
Variable Substitution: The substituteVariablesInString function replaces template variables like $vars.xxx, but no security filtering is applied during this step.
Dangerous Code Execution: The convertToValidJSONString function executes the input using Function('return ' + inputString)(). If the inputString contains malicious code, it gets executed in the global Node.js context, allowing actions such as command execution and file system access.

Taint Flow

Taint 01: Route Registration
index.ts (Line 5)
Taint 02: Controller
(Line 57–78)

Miggo Vulnerability Database

→

CVE-2025-59528

CVE-2025-59528:

10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-59528

GHSA ID

GHSA-3gcm-f6qx-ff7p

EPSS Score

CWE

CWE-94

Published

9/15/2025

Updated

9/22/2025

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
flowise	npm	= 3.0.5	3.0.6

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in the CustomMCP component of Flowise, where user-provided configuration for an MCP server is parsed insecurely. The root cause is the convertToValidJSONString function in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts. This function used the Function() constructor to parse the mcpServerConfig string, which is a known security risk as it executes the string as JavaScript code. An attacker can provide a malicious JavaScript payload in the mcpServerConfig parameter, which will then be executed by the Node.js runtime with the server's privileges. This allows for a full remote code execution (RCE) vulnerability.

The patch, identified in commit 4af067a444a579f260d99e8c8eb0ae3d5d9b811a, replaces the insecure Function('return ' + inputString)() call with JSON5.parse(inputString). This change ensures that the input is treated as data (JSON) and not as executable code, effectively mitigating the RCE vulnerability.

The analysis identified two key functions:

convertToValidJSONString: This is the function with the core vulnerability, where the code injection occurs.
CustomMCP.loadMethods: This is the function that receives the tainted input from the user and passes it to the vulnerable function, making it a critical part of the exploit chain and a key indicator in a runtime profile.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

10

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-59528: Flowise has Remote Code Execution vulnerability

Description

Cause of the Vulnerability

Vulnerability Flow

Taint Flow

CVE-2025-59528:

10

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

10

10

Basic Information

Basic Information

CVE-2025-59528: Flowise has Remote Code Execution vulnerability

Description

Cause of the Vulnerability

Vulnerability Flow

Taint Flow

Proof of Concept (PoC)

Impact

Complete System Takeover and Infrastructure Threat

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI