A critical vulnerability in the Flowise AI Agent Builder is being actively exploited, with over 12,000 instances exposed to remote code execution attacks. The flaw, identified as CVE-2025-59528, carries a maximum CVSS score of 10.0 and allows attackers to inject malicious code, potentially leading to full system compromise. This code injection vulnerability is particularly concerning because it sits in the CustomMCP node, which handles user-supplied configuration settings. The active exploitation of this vulnerability underscores the urgent need for patching or mitigation. As discussions involving Intel are ongoing, the status of exploitation will determine whether this is a patch-now or monitor situation. This vulnerability matters to security practitioners because it highlights the importance of prompt patching and vigilance in protecting AI-powered systems from potentially devastating remote code execution attacks.