{"uuid": "73c2711b-af8d-490d-a6ce-53254e592eff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59528", "type": "exploited", "source": "https://t.me/thehackernews/8751", "content": "\ud83d\uded1 Flowise has a CVSS 10.0 RCE flaw (CVE-2025-59528) now under active attack.\n\nA bug in MCP config lets attackers run JavaScript with full system access using just an API token. Over 12,000 exposed instances raise risk.\n\n\ud83d\udd17 Exploitation details \u2192 https://thehackernews.com/2026/04/flowise-ai-agent-builder-under-active.html", "creation_timestamp": "2026-04-07T06:00:05.000000Z"}