module
Flowise Custom MCP Remote Code Execution
| Disclosed | Created |
|---|---|
| Aug 14, 2025 | Nov 22, 2025 |
Disclosed
Aug 14, 2025
Created
Nov 22, 2025
Description
This module exploits a remote code execution vulnerability in Flowise versions >= 2.2.7-patch.1
and located in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts and packages/components/nodes/tools/MCP/core.ts,
which allows users to execute arbitrary commands via StdioClientTransport by using the 'x-request-from: internal' header.
When FLOWISE_USERNAME and FLOWISE_PASSWORD are not configured, the exploit works unauthenticated. If Basic Auth is
enabled, the FLOWISE_USERNAME and FLOWISE_PASSWORD options must be set to provide credentials.
and located in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts and packages/components/nodes/tools/MCP/core.ts,
which allows users to execute arbitrary commands via StdioClientTransport by using the 'x-request-from: internal' header.
When FLOWISE_USERNAME and FLOWISE_PASSWORD are not configured, the exploit works unauthenticated. If Basic Auth is
enabled, the FLOWISE_USERNAME and FLOWISE_PASSWORD options must be set to provide credentials.
Authors
Assaf Levkovich
Valentin Lobstein [email protected]
Valentin Lobstein [email protected]
Platform
Linux,Unix,Windows
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.