Incident · Critical · September 2025 · Confirmed · 2 references

Flowise CustomMCP STDIO transport RCE (CVE-2025-59528)

Flowise's CustomMCP node exposed a CVSS 10.0 remote code execution path through its handling of the MCP STDIO transport.

Affected systems

MCP deployments, Workflow builders

Primary threats

Capability Escalation, Tool Misuse

Impact types

Remote code execution, Transport compromise

CVEs

CVE-2025-59528

What an auditor should now check

  • How transport adapters and builder nodes spawn and connect to local MCP processes, and where the command, arguments and environment they use come from
  • Whether a builder node or a transport-specific option can silently widen runtime authority beyond what the workflow was meant to have
  • Whether transport-specific logs record the spawned command, its arguments and its exit status, enough to reconstruct what actually ran
  • Whether deployment teams treat STDIO bridge risk as code execution risk on the host

Why this matters

Transport semantics are part of the authority plane. If the connector bridge is unsafe, every downstream tool inherits that insecurity.

What happened

Flowise's CustomMCP node exposed a critical (CVSS 10.0) path to remote code execution through its handling of STDIO-connected MCP servers. An MCP STDIO transport works by spawning a local process from a configured command and arguments and exchanging JSON-RPC messages over that process's stdin and stdout, so whoever controls the node's server configuration controls what the Flowise host executes.

Why the classification matters

The transport layer is not neutral plumbing. It can be the exploit boundary.

Zealynx takeaway

Transport adapters deserve the same audit depth as the tools they expose.

Control implications

  • Transport bridges need dedicated threat modeling, not implicit trust
  • Visual workflow builders can still carry deep execution risk
  • Connector-specific nodes should inherit sandboxing and path restrictions
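As an added example, not Flowise's own code, the TypeScript below shows the gate a connector node can put between a user-supplied STDIO server configuration and the process it spawns. It addresses the auditor checks above (how the node spawns MCP processes, whether transport options can widen authority) and the control implications just listed (sandboxing and path restrictions): the configuration is parsed with JSON.parse only, never evaluated; unknown transport keys are rejected; the command must be an absolute, normalized path on an allowlist; environment variables that change what a child executes or loads are refused; and the child is spawned with shell disabled and a minimal environment. The helper names, the allowlisted binary paths and the sample configurations are assumptions constructed for illustration.

```typescript
// Added example (not Flowise code): validating a STDIO MCP server config
// before spawning it. All names and paths below are hypothetical.
import { spawn } from "node:child_process";
import type { ChildProcess } from "node:child_process";
import * as path from "node:path";

interface StdioServerConfig {
  command: string;
  args: string[];
  env: Record<string, string>;
}

// Assumed allowlist: the only MCP server binaries this host will spawn.
const ALLOWED_COMMANDS: ReadonlySet<string> = new Set([
  "/opt/mcp/bin/filesystem-server",
  "/opt/mcp/bin/fetch-server",
]);

// Variables that let a config change what a child executes or loads.
const DANGEROUS_ENV_KEYS: ReadonlySet<string> = new Set([
  "PATH", "LD_PRELOAD", "LD_LIBRARY_PATH", "DYLD_INSERT_LIBRARIES", "NODE_OPTIONS",
]);

function parseStdioServerConfig(raw: string): StdioServerConfig {
  // Strict JSON only. A config string must never reach eval() or Function().
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch {
    throw new Error("mcpServerConfig is not valid JSON");
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    throw new Error("mcpServerConfig must be a JSON object");
  }
  const obj = parsed as Record<string, unknown>;
  // Reject transport options the bridge does not model (e.g. "shell", "cwd"),
  // so a config cannot widen authority through a field nobody reviews.
  for (const key of Object.keys(obj)) {
    if (!["command", "args", "env"].includes(key)) {
      throw new Error(`unexpected key in mcpServerConfig: ${key}`);
    }
  }
  const command = obj.command;
  if (typeof command !== "string" || !path.posix.isAbsolute(command)) {
    throw new Error("command must be an absolute path");
  }
  // Normalize first so /opt/mcp/bin/../../../bin/sh cannot slip past the allowlist.
  const normalized = path.posix.normalize(command);
  if (!ALLOWED_COMMANDS.has(normalized)) {
    throw new Error(`command not in allowlist: ${normalized}`);
  }
  const args: unknown = obj.args ?? [];
  if (!Array.isArray(args) || !args.every((a) => typeof a === "string")) {
    throw new Error("args must be an array of strings");
  }
  const env: unknown = obj.env ?? {};
  if (typeof env !== "object" || env === null || Array.isArray(env)) {
    throw new Error("env must be an object");
  }
  const cleanEnv: Record<string, string> = {};
  for (const [k, v] of Object.entries(env as Record<string, unknown>)) {
    if (typeof v !== "string") throw new Error(`env.${k} must be a string`);
    if (DANGEROUS_ENV_KEYS.has(k.toUpperCase())) {
      throw new Error(`env.${k} is not permitted`);
    }
    cleanEnv[k] = v;
  }
  return { command: normalized, args: args as string[], env: cleanEnv };
}

// Returns null when the config is acceptable, otherwise the rejection reason.
function rejectReason(raw: string): string | null {
  try {
    parseStdioServerConfig(raw);
    return null;
  } catch (e) {
    return (e as Error).message;
  }
}

function spawnMcpServer(cfg: StdioServerConfig): ChildProcess {
  // shell:false so args are never re-parsed by /bin/sh; an explicit env so the
  // child inherits nothing from the Flowise process beyond what the config allows.
  return spawn(cfg.command, cfg.args, {
    shell: false,
    env: { ...cfg.env },
    stdio: ["pipe", "pipe", "inherit"],
  });
}

// Constructed sample configs: one legitimate, the rest shaped like the kinds of
// input a STDIO bridge must refuse.
const SAMPLE_CONFIGS: Record<string, string> = {
  legitimate: '{"command":"/opt/mcp/bin/filesystem-server","args":["/srv/data"],"env":{"LOG_LEVEL":"info"}}',
  shellCommand: '{"command":"/bin/sh","args":["-c","id"]}',
  pathTraversal: '{"command":"/opt/mcp/bin/../../../bin/sh"}',
  relativeCommand: '{"command":"node","args":["-e","1"]}',
  preloadEnv: '{"command":"/opt/mcp/bin/fetch-server","env":{"LD_PRELOAD":"/tmp/x.so"}}',
  jsExpression: '(function(){return {command:"/bin/sh"}})()',
  extraOption: '{"command":"/opt/mcp/bin/fetch-server","shell":true}',
};

for (const [name, raw] of Object.entries(SAMPLE_CONFIGS)) {
  console.log(`${name}: ${rejectReason(raw) ?? "accepted"}`);
}
```

Only the legitimate sample passes; the others are refused before any process is created, and spawnMcpServer is the single place a validated config can reach the operating system. Logging the normalized command and arguments at that one point gives the transport-specific execution record the auditor checks above ask for.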
