Privilege Escalation Vulnerability in Langflow by Langflow AI
CVE-2025-57760

8.8HIGH

Key Information:

Vendor

Langflow-ai

Status
Langflow
Vendor
CVE Published:
25 August 2025

What is CVE-2025-57760?

A critical privilege escalation vulnerability exists in Langflow, an AI-powered agent and workflow tool. This vulnerability arises within Langflow containers, where an authenticated user with remote code execution (RCE) permissions can exploit the internal CLI command 'langflow superuser' to create a new administrative account. As a result, an individual who initially registered as a regular user can gain full superuser access, undermining the integrity of the user management system. Currently, no patched version has been released to mitigate this issue.

Affected Version(s)

langflow <= 1.5.0

References

https://github.com/langflow-ai/langflow/security/advisori...
x_refsource_CONFIRM
https://github.com/langflow-ai/langflow/commit/c188ec113c...
x_refsource_MISC
http://github.com/langflow-ai/langflow/pull/9152
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-57760 : Privilege Escalation Vulnerability in Langflow by Langflow AI