Flowise System Message Override via Template Interpolation (CVE-2025-59528) - ATR-2026-00210 (c62f61b6-7aa4-5fc2-b6f3-ec8f6e3e5c9f)

Detects exploitation of the Flowise chatflow System Message template injection vulnerability (CVE-2025-59528). Flowise renders {{$flow.variables.X}} and {{$input}} in the System Message field without sanitization, allowing an attacker-controlled chat input to overwrite the system prompt and pivot the chatflow's tool-calling posture. Public PoCs achieved RCE via the vm.runInNewContext / new Function sink reached from a polluted System Message. 21 GHSAs published 2026-04-15 cover the affected chatflow surfaces (Airtable Agent, CSV Agent, Parameter Override, etc.). Disclosed 2026-04-14.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
AI Model Inference API Access (90a420d4-3f03-4800-86c0-223c4376804a)	MITRE ATLAS Attack Pattern	Flowise System Message Override via Template Interpolation (CVE-2025-59528) - ATR-2026-00210 (c62f61b6-7aa4-5fc2-b6f3-ec8f6e3e5c9f)	Agent Threat Rules	1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c)	Attack Pattern	Flowise System Message Override via Template Interpolation (CVE-2025-59528) - ATR-2026-00210 (c62f61b6-7aa4-5fc2-b6f3-ec8f6e3e5c9f)	Agent Threat Rules	1
Flowise System Message Override via Template Interpolation (CVE-2025-59528) - ATR-2026-00210 (c62f61b6-7aa4-5fc2-b6f3-ec8f6e3e5c9f)	Agent Threat Rules	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	1
Flowise System Message Override via Template Interpolation (CVE-2025-59528) - ATR-2026-00210 (c62f61b6-7aa4-5fc2-b6f3-ec8f6e3e5c9f)	Agent Threat Rules	Indirect (a4a55526-2f1f-403b-9691-609e46381e17)	MITRE ATLAS Attack Pattern	1
LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9)	MITRE ATLAS Attack Pattern	Indirect (a4a55526-2f1f-403b-9691-609e46381e17)	MITRE ATLAS Attack Pattern	2