Code Injection Vulnerability in Langflow by Langflow AI
CVE-2025-3248
Key Information:
- Vendor: Langflow-ai
- Status: Vendor
- CVE Published: 7 April 2025
What is CVE-2025-3248?
CVE-2025-3248 is a critical code injection vulnerability discovered in Langflow, an open-source tool designed for creating agentic artificial intelligence workflows. This vulnerability affects versions of Langflow prior to 1.3.0 and allows remote, unauthenticated attackers to send specially crafted HTTP requests to the vulnerable API endpoint, /api/v1/validate/code. By exploiting this flaw, attackers can execute arbitrary Python code on the server without needing to authenticate, which poses a severe threat to organizations using the software. Langflow's design, which permits users to modify and execute Python code as a feature, inadvertently creates a significant security risk. The flaw's nature enables unauthorized access, potentially allowing attackers to take over servers, extract sensitive data, and disrupt operations.
Potential impact of CVE-2025-3248
- Complete Server Takeover: The vulnerability enables attackers to execute arbitrary code on Langflow servers, providing them with full control over the compromised systems. This can lead to unauthorized data access, data theft, or disruption of services.
- Execution of Malicious Code: An attacker can use this vulnerability to introduce and run malicious code, potentially installing additional malware or creating backdoors for future access. This poses a serious risk of further exploitation and compromise of organizational security.
- Sensitive Information Disclosure: Exploitation of this vulnerability can result in the leak of sensitive information stored on the affected server. Attackers can extract confidential data, including personal information, intellectual property, and operational details, leading to reputational damage and regulatory penalties for organizations.
CISA has reported CVE-2025-3248
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-3248 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This status can change quickly.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
langflow: versions 0 through 1.2.0 (fixed in 1.3.0)
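The description above states two facts a defender can act on: the affected range is Langflow 0 through 1.2.0 (fixed in 1.3.0), and the vulnerable endpoint is /api/v1/validate/code. The following added example (not code from the Langflow project or from this advisory) turns both into checks: a version comparison to decide whether an installation is in the affected range, and a scanner over web-server access logs that surfaces requests to that endpoint grouped by source address. The log lines, IP addresses and user agents in the block are constructed samples in the common nginx/Apache combined format; the function names and the log format are assumptions.

```python
"""
Added example: exposure and detection checks for CVE-2025-3248.

1. is_affected(version)       -> True when version < 1.3.0 (range stated on the page)
2. find_endpoint_hits(log)    -> requests to /api/v1/validate/code parsed from
                                 combined-format access logs (format assumed)
3. accepted_by_source(hits)   -> Counter of source IPs whose requests to the
                                 endpoint got a 2xx response
"""
import re
from collections import Counter

VULN_ENDPOINT = "/api/v1/validate/code"   # endpoint named in the advisory
FIXED_VERSION = (1, 3, 0)                 # first fixed release per the advisory

# Combined log format (nginx/Apache default); assumed, not Langflow-specific.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2025:10:01:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.4 - - [12/Apr/2025:10:01:05 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2025:10:01:09 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 200 498 "-" "python-requests/2.31"
192.0.2.20 - - [12/Apr/2025:10:02:11 +0000] "POST /api/v1/validate/code HTTP/1.1" 401 0 "-" "curl/8.4.0"
198.51.100.4 - - [12/Apr/2025:10:03:00 +0000] "GET /health HTTP/1.1" 200 15 "-" "kube-probe/1.29"
"""


def parse_version(version: str) -> tuple:
    """Reduce '1.2.0' (or 'v1.2') to a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True for every release below the fixed version 1.3.0."""
    return parse_version(version) < FIXED_VERSION


def find_endpoint_hits(log_text: str) -> list:
    """Return parsed entries whose request path is the vulnerable endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than crash on a real log
        path = m.group("path").split("?", 1)[0].rstrip("/")
        if path == VULN_ENDPOINT:
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "method": m.group("method"),
                "status": int(m.group("status")),
            })
    return hits


def accepted_by_source(hits: list) -> Counter:
    """Count, per source IP, requests the server answered with 2xx.

    A 2xx answer means the server processed the request; on an affected
    version that is a possible code execution. Non-2xx answers are still
    worth noting as probing, but they were not processed."""
    return Counter(h["ip"] for h in hits if 200 <= h["status"] < 300)


if __name__ == "__main__":
    for v in ("0.6.19", "1.2.0", "1.3.0"):
        print(f"langflow {v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    hits = find_endpoint_hits(SAMPLE_LOG)
    print(f"{len(hits)} request(s) to {VULN_ENDPOINT}")
    for ip, n in accepted_by_source(hits).most_common():
        print(f"  {ip}: {n} accepted request(s) -> investigate")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; any source that is not a known internal user of the code-validation feature on an affected version should be treated as a possible compromise and handled under the incident response process, alongside upgrading to 1.3.0.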
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
- Langflow: CVE-2025-3248: Active Exploitation. Learn about CVE-2025-3248 affecting Langflow. Patch now to prevent remote code execution. (3 days ago)
- Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA. CISA warns of active exploitation of CVE-2025-3248 in Langflow. Critical RCE flaw allows full server takeover. Patch to version 1.3.0 now. (3 weeks ago)
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA. CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. (3 weeks ago)
EPSS Score
92% chance of being exploited in the next 30 days.
Timeline
- CISA Reported
- Vulnerability started trending
- First article discovered by TheSecMaster
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved