PRP: FlowiseAI CVE-2025-59528 RCE

[tranquac]

• Identifier of the vulnerability: CVE-2025-59528
• Affected software: FlowiseAI
• Type of vulnerability: RCE
• Requires authentication: No
• Language you would use for writing the plugin: Templated plugins, Java
• Resources:
  • https://thehackernews.com/2026/04/flowise-ai-agent-builder-under-active.html

[github-actions]

Welcome to the Tsunami patch reward program!

Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.

Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.

~The Tsunami PRP team