Privilege Escalation Vulnerability in Langflow by Langflow AI
CVE-2025-57760
What is CVE-2025-57760?
CVE-2025-57760 is a privilege escalation vulnerability identified in Langflow, a tool developed by Langflow AI for building and deploying AI-driven agents and workflows. The vulnerability allows an authenticated user who already has remote code execution (RCE) on the host to invoke an internal command-line interface (CLI) function, "langflow superuser". Running this command creates a new administrative account, so the user gains full superuser privileges even if they originally registered as a standard (non-admin) user through the application's user interface. Escalating privileges in this way undermines the application's access controls, which is a serious risk in environments where sensitive data and critical operations are managed.
Potential impact of CVE-2025-57760
- Unrestricted Access to Systems: The privilege escalation enables potential attackers or rogue users to gain administrative rights, which could lead to unauthorized alterations or deletions of critical data, thereby jeopardizing organizational integrity and operational functionality.
- Increased Risk of Data Breaches: With superuser access, an individual could exploit this vulnerability to extract sensitive information, resulting in data exposure that could harm the organization's reputation and incur regulatory penalties.
- Facilitation of Further Attacks: Once elevated privileges are achieved, an attacker may deploy additional malware or create backdoors for future access, increasing the overall attack surface and complicating incident response efforts.
Affected Version(s)
langflow <= 1.5.0
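Two defender-side checks that follow from the description above, written as an added example for this advisory rather than code from Langflow AI or the advisory itself: a version test against the affected range (langflow <= 1.5.0), and a scan of command-execution audit lines for invocations of the "langflow superuser" CLI from an account that is not an expected administrative operator (the web application's own service account running it is the pattern the advisory describes). The log line format, host names, user names and the allowlist are constructed for this example; only the command name and the version bound come from the page.

```python
"""Defender-side checks for CVE-2025-57760 (Langflow <= 1.5.0).

Added example, not part of the advisory or of the Langflow project.
Check 1: is an installed Langflow version inside the affected range?
Check 2: flag audit lines where `langflow superuser` was executed by an
account other than the expected administrators.
The key=value log format used below is constructed for this example.
"""
import re

# Upper bound of the affected range, taken from the advisory text.
AFFECTED_MAX = (1, 5, 0)

# Constructed allowlist: operators who are expected to run the CLI manually.
EXPECTED_ADMIN_ACCOUNTS = {"ops-admin"}

# Constructed sample audit lines. The third line shows the advisory's
# scenario: the application's service account (where an RCE would land)
# executing the superuser CLI.
SAMPLE_AUDIT_LINES = [
    'ts=2025-09-01T09:58:12Z host=lf-prod user=ops-admin argv="langflow run"',
    'ts=2025-09-01T10:02:44Z host=lf-prod user=ops-admin argv="langflow superuser"',
    'ts=2025-09-01T10:41:07Z host=lf-prod user=langflow-svc argv="langflow superuser"',
    'ts=2025-09-01T10:41:09Z host=lf-prod user=langflow-svc argv="python -c [redacted]"',
]

SUPERUSER_CMD = re.compile(r"\blangflow\s+superuser\b")


def parse_version(version):
    """Turn '1.4.2' or '1.5.0rc1' into a 3-tuple of ints.

    Any non-numeric suffix is dropped, so a pre-release compares as its base
    version. For an 'is this version affected' check that is the conservative
    direction: 1.5.0rc1 is treated as affected.
    """
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version):
    """True if the given Langflow version falls in the advisory's range."""
    return parse_version(version) <= AFFECTED_MAX


def find_unexpected_superuser_runs(lines, allowed=EXPECTED_ADMIN_ACCOUNTS):
    """Return (1-based line number, user) for each `langflow superuser`
    execution by an account outside the allowlist."""
    hits = []
    for idx, line in enumerate(lines, start=1):
        argv = re.search(r'argv="([^"]*)"', line)
        user = re.search(r"\buser=(\S+)", line)
        if not argv or not user:
            continue  # malformed or unrelated line; ignore
        if SUPERUSER_CMD.search(argv.group(1)) and user.group(1) not in allowed:
            hits.append((idx, user.group(1)))
    return hits


if __name__ == "__main__":
    for v in ("1.4.2", "1.5.0", "1.5.0rc1", "1.5.1"):
        print(f"langflow {v}: {'affected' if is_affected(v) else 'not affected'}")
    for line_no, user in find_unexpected_superuser_runs(SAMPLE_AUDIT_LINES):
        print(f"line {line_no}: superuser CLI run by unexpected account {user!r}")
```

The second check is only as good as the execution logging feeding it; it assumes the host records process arguments (for example via an exec audit rule) and that the application's service account is not in the operator allowlist, so any superuser creation from that context stands out.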