Exploit for Missing Authentication for Critical Function in Flowiseai Flowise CVE-2025-58434 CVE-2025-59528

Name: Exploit for Missing Authentication for Critical Function in Flowiseai Flowise CVE-2025-58434 CVE-2025-59528
Rating: 5 (120 reviews)

2026-04-14 | CVSS 10.0

## https://sploitus.com/exploit?id=345530C2-1AD7-5814-91B6-2FD7F110CA8C
# CVE-2025-58434_CVE-2025-59528
CVE-2025-58434 Flowise  &lt;= 3.0.5 and earlier allows account takeover via unauthenticated forgot-password token. CVE-2025-59528 lowiseAI Custom MCP Node Remote Code Execution.

# Usages: 
`python3 RCE.py -d "xxxxxx.silentium.xxx" -e "ben@silentium.xxx" -np "Password@a123" -lh  -lp `