Code Injection Vulnerability in Langflow by Langflow AI
CVE-2025-3248

9.8CRITICAL

Key Information:

Vendor
Langflow-ai
Status
Langflow
Vendor
CVE Published:
7 April 2025

Badges

πŸ“ˆ TrendedπŸ“ˆ Score: 4,660πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 80%πŸ“° News Worthy

What is CVE-2025-3248?

CVE-2025-3248 is a code injection vulnerability identified within the Langflow application developed by Langflow AI. This application facilitates the integration and management of AI workflows, allowing users to streamline various operations. The vulnerability specifically exists in the /api/v1/validate/code endpoint for versions prior to 1.3.0. If exploited, an attacker can send specially crafted HTTP requests that may enable them to execute arbitrary code on the server, significantly threatening the integrity and security of organizations using Langflow.

Technical Details

The vulnerability arises from improper input validation in the affected API endpoint. By sending maliciously constructed code through HTTP requests, an unauthenticated remote attacker could manipulate the server into executing unintended commands. This flaw underscores critical concerns related to the security practices of the application, emphasizing the importance of robust input validation mechanisms.

Potential Impact of CVE-2025-3248

  1. Arbitrary Code Execution: Attackers can exploit this vulnerability to gain control of the server running Langflow, potentially executing malicious code that could disrupt services or compromise sensitive data.

  2. Data Breach Risk: Unauthorized code execution could lead to access and extraction of sensitive information, increasing the risk of data breaches and loss of confidential data.

  3. Service Disruption: The successful exploitation of this vulnerability can result in the disruption of the Langflow service, affecting operational continuity and potentially resulting in financial losses for the organization.

Affected Version(s)

langflow 0 <= 1.2.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-3248 - Proof of Concept

CVE-2025-3248
Created by xuemian168

CVE-2025-3248-POC
Created by PuddinCat

News Articles

favicon imageSANS Internet Storm Center

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248) - SANS Internet Storm Center

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248), Author: Johannes Ullrich

6 days ago

favicon imageironcastle.net

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248), (Sat, Apr 12th) - Iron Castle Systems

Two weeks ago, version 1.3.0 of Langflow was released. The release notes list many fixes but do not mention that one of the "Bug Fixes" addresses a major vulnerability. Instead, the release notes state, "auth current user on code validation." [1] Its website states, "Langflow is a low-code tool for ...

6 days ago

favicon imageTheSecMaster

Fix CVE-2025-3248: Critical Langflow Security Flaw

Learn how to fix the critical CVE-2025-3248 vulnerability in Langflow, protect against code injection attacks, and secure your deployment.

2 weeks ago

References

https://github.com/langflow-ai/langflow/pull/6911
patch
https://github.com/langflow-ai/langflow/releases/tag/1.3.0
release-notes
https://www.horizon3.ai/attack-research/disclosures/unsaf...
exploit

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ“°

    First article discovered by TheSecMaster

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Naveen Sunkavally, Horizon3.ai
.