Code Injection Vulnerability in Langflow by Langflow AI
CVE-2025-3248

9.8CRITICAL

Key Information:

Status
Vendor
CVE Published:
7 April 2025

Badges

πŸ“ˆ TrendedπŸ“ˆ Score: 4,660πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 92%πŸ¦… CISA ReportedπŸ“° News Worthy

What is CVE-2025-3248?

CVE-2025-3248 is a critical code injection vulnerability discovered in Langflow, an open-source tool designed for creating agentic artificial intelligence workflows. This vulnerability affects versions of Langflow prior to 1.3.0 and allows remote, unauthenticated attackers to send specially crafted HTTP requests to the vulnerable API endpoint, /api/v1/validate/code. By exploiting this flaw, attackers can execute arbitrary Python code on the server without needing to authenticate, which poses a severe threat to organizations using the software. Langflow's design, which permits users to modify and execute Python code as a feature, inadvertently creates a significant security risk. The flaw's nature enables unauthorized access, potentially allowing attackers to take over servers, extract sensitive data, and disrupt operations.

Potential impact of CVE-2025-3248

  1. Complete Server Takeover: The vulnerability enables attackers to execute arbitrary code on Langflow servers, providing them with full control over the compromised systems. This can lead to unauthorized data access, data theft, or disruption of services.

  2. Execution of Malicious Code: An attacker can use this vulnerability to introduce and run malicious code, potentially installing additional malware or creating backdoors for future access. This poses a serious risk of further exploitation and compromise of organizational security.

  3. Sensitive Information Disclosure: Exploitation of this vulnerability can result in the leak of sensitive information stored on the affected server. Attackers can extract confidential data, including personal information, intellectual property, and operational details, leading to reputational damage and regulatory penalties for organizations.

CISA has reported CVE-2025-3248

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-3248 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

langflow 0 <= 1.2.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Langflow: CVE-2025-3248: Active Exploitation

Learn about CVE-2025-3248 affecting Langflow. Patch now to prevent remote code execution.

3 days ago

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA

CISA warns of active exploitation of CVE-2025-3248 in Langflow. Critical RCE flaw allows full server takeover. Patch to version 1.3.0 now.

3 weeks ago

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

3 weeks ago

References

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ¦…

    CISA Reported

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ“°

    First article discovered by TheSecMaster

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Naveen Sunkavally, Horizon3.ai
.
CVE-2025-3248 : Code Injection Vulnerability in Langflow by Langflow AI