Chained Vulnerability in Langflow AI Platform Exposes Accounts and Enables Remote Code Execution
CVE-2025-34291

9.4CRITICAL

Key Information:

Vendor: Langflow
Status: Langflow
Vendor: CVE Published:; 5 December 2025

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 31%🦅 CISA Reported📰 News Worthy

What is CVE-2025-34291?

Langflow, specifically versions up to and including 1.6.9, is affected by a critical security issue stemming from a chained vulnerability. This flaw enables attackers to hijack user accounts and execute arbitrary code remotely. It arises from an overly permissive Cross-Origin Resource Sharing (CORS) configuration combined with a refresh token cookie that lacks proper SameSite attributes. As a result, a malicious site can make cross-origin requests with user credentials, allowing attackers to acquire fresh access and refresh tokens. These tokens provide unauthorized access to sensitive endpoints, including built-in functionalities capable of executing arbitrary code, leading to complete system compromise.

CISA has reported CVE-2025-34291

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-34291 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Langflow 0 <= 1.6.9

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34291 - Proof of Concept

CVE-2025-34291-Langflow-Scanner
Created by ridhinva