Chained Vulnerability in Langflow AI Platform Exposes Accounts and Enables Remote Code Execution
CVE-2025-34291
Key Information:
Badges
What is CVE-2025-34291?
Langflow, specifically versions up to and including 1.6.9, is affected by a critical security issue stemming from a chained vulnerability. This flaw enables attackers to hijack user accounts and execute arbitrary code remotely. It arises from an overly permissive Cross-Origin Resource Sharing (CORS) configuration combined with a refresh token cookie that lacks proper SameSite attributes. As a result, a malicious site can make cross-origin requests with user credentials, allowing attackers to acquire fresh access and refresh tokens. These tokens provide unauthorized access to sensitive endpoints, including built-in functionalities capable of executing arbitrary code, leading to complete system compromise.
Affected Version(s)
Langflow 0 <= 1.6.9
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved