Code Injection Vulnerability in Langflow by Langflow AI
CVE-2025-3248

9.8 CRITICAL

Key Information:

CVE Published: 7 April 2025

Badges

📈 Trended
📈 Score: 4,660
💰 Ransomware
👾 Exploit Exists
🟡 Public PoC
🟣 EPSS 92%
🦅 CISA Reported
📰 News Worthy

What is CVE-2025-3248?

CVE-2025-3248 is a critical code injection vulnerability discovered in Langflow, an open-source tool for building agentic artificial intelligence workflows. It affects Langflow versions prior to 1.3.0 and allows remote, unauthenticated attackers to send specially crafted HTTP requests to the vulnerable API endpoint, /api/v1/validate/code. By exploiting this flaw, attackers can execute arbitrary Python code on the server without authenticating, which poses a severe threat to organizations running the software. Langflow's design, which lets users modify and execute Python code as a feature, inadvertently creates a significant security risk when that capability is reachable without authentication. The flaw enables unauthorized access, potentially allowing attackers to take over servers, extract sensitive data, and disrupt operations.
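Two checks a defender would want from the description above, as an added example that is not part of this advisory or of the Langflow project: a scan of web-server access logs for requests to the /api/v1/validate/code endpoint, and a version test against the affected range (versions before 1.3.0). The log lines and IP addresses are constructed samples, not real traffic.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines in the common/combined access-log format.
# The addresses are documentation ranges (RFC 5737), not real sources.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2025:12:01:05 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.3 - - [10/Apr/2025:12:01:09 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2025:12:01:12 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 500 128 "-" "curl/8.4.0"
"""

# Endpoint named in the advisory as the vulnerable one.
VULN_PATH = "/api/v1/validate/code"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass
class Hit:
    ip: str
    ts: str
    method: str
    status: int


def find_validate_code_requests(log_text):
    """Return every request whose path (query string ignored) is the vulnerable endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["path"].split("?", 1)[0] == VULN_PATH:
            hits.append(Hit(m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits


def summarize_by_source(hits):
    """Count hits per source address so repeat callers stand out for triage."""
    return dict(Counter(h.ip for h in hits))


def is_affected_version(version):
    """True when a Langflow version string falls in the affected range (< 1.3.0)."""
    nums = [int(p) for p in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))  # pad "1.2" to (1, 2, 0)
    return tuple(nums) < (1, 3, 0)
```

Any hit from a source that should not be calling this endpoint, or any hit at all on a host still reporting an affected version, is worth an incident ticket.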

Potential impact of CVE-2025-3248

  1. Complete Server Takeover: The vulnerability enables attackers to execute arbitrary code on Langflow servers, providing them with full control over the compromised systems. This can lead to unauthorized data access, data theft, or disruption of services.

  2. Execution of Malicious Code: An attacker can use this vulnerability to introduce and run malicious code, potentially installing additional malware or creating backdoors for future access. This poses a serious risk of further exploitation and compromise of organizational security.

  3. Sensitive Information Disclosure: Exploitation of this vulnerability can result in the leak of sensitive information stored on the affected server. Attackers can extract confidential data, including personal information, intellectual property, and operational details, leading to reputational damage and regulatory penalties for organizations.

CISA has reported CVE-2025-3248

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-3248 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

langflow: versions 0 through 1.2.0 inclusive (>= 0, <= 1.2.0)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Active Exploitation of Critical Vulnerability in Langflow

Security researchers have identified a new active campaign that is exploiting a critical vulnerability (CVE-2025-3248) in Langflow to launch distributed denial-of-service (DDoS) attacks.

21 hours ago

Hackers Exploit Langflow Flaw to Unleash Flodrix Botnet

A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data.

3 days ago

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Langflow’s RCE flaw is under active attack, infecting servers with Flodrix botnet malware via public PoC. Unpatched AI apps remain at risk.

3 days ago

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 💰 Used in Ransomware
  • 🦅 CISA Reported
  • 📈 Vulnerability started trending
  • 📰 First article discovered by TheSecMaster
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

Naveen Sunkavally, Horizon3.ai