module
Flowise JS Injection RCE
| Disclosed | Created |
|---|---|
| Sep 13, 2025 | Nov 22, 2025 |
Disclosed
Sep 13, 2025
Created
Nov 22, 2025
Description
This module exploits a remote code execution vulnerability in Flowise versions >= 2.2.7-patch.1
and located in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts, which allows users to execute
arbitrary commands via JavaScript code injection in the mcpServerConfig parameter using the
convertToValidJSONString function that uses Function('return ' + inputString)(). For versions
the exploit can work unauthenticated if FLOWISE_USERNAME and FLOWISE_PASSWORD environment variables
are not configured. For versions >= 3.0.1, authentication via FLOWISE_EMAIL and FLOWISE_PASSWORD is
required due to JWT token verification.
and located in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts, which allows users to execute
arbitrary commands via JavaScript code injection in the mcpServerConfig parameter using the
convertToValidJSONString function that uses Function('return ' + inputString)(). For versions
the exploit can work unauthenticated if FLOWISE_USERNAME and FLOWISE_PASSWORD environment variables
are not configured. For versions >= 3.0.1, authentication via FLOWISE_EMAIL and FLOWISE_PASSWORD is
required due to JWT token verification.
Authors
Platform
Linux,Unix,Windows
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.