CVE-2025-3248: Langflow Missing Authentication Vulnerability [Actively Exploited]
CVSS 3.1 base score: 9.8 (CRITICAL)
Known Exploited Vulnerability (listed in the CISA KEV catalog)
Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

INFO

Published Date: April 7, 2025, 3:15 p.m.
Last Modified: Nov. 6, 2025, 1:57 p.m.
Remotely Exploitable: Yes
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Unknown

Notes :

This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/advisories/GHSA-c995-4fw3-j39m ; https://nvd.nist.gov/vuln/detail/CVE-2025-3248

Affected Products

The following products are affected by CVE-2025-3248. Although cvefeed.io is aware of the exact affected versions, they are not shown in the table below.

ID | Vendor   | Product  | Action
1  | Langflow | langflow |
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.

Score | Version  | Severity | Vector                                       | Exploitability Score | Impact Score | Source
9.8   | CVSS 3.1 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H          | 3.9                  | 5.9          | [email protected]
9.8   | CVSS 3.1 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H          | 3.9                  | 5.9          | [email protected]
Solution
Update Langflow to version 1.3.0 or later to fix the code execution vulnerability.
Public PoC/Exploit Available at Github

CVE-2025-3248 has 156 public PoCs/exploits available on GitHub. The list of repositories is given below.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-3248.

URL Resource
https://github.com/langflow-ai/langflow/pull/6911 Patch
https://github.com/langflow-ai/langflow/releases/tag/1.3.0 Release Notes
https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/ Exploit Third Party Advisory
https://www.vulncheck.com/advisories/langflow-unauthenticated-rce Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-3248 is associated with the following CWEs:

  • CWE-94: Improper Control of Generation of Code ('Code Injection')
  • CWE-306: Missing Authentication for Critical Function

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by most recently updated).

  • A practitioner-focused reference for AI/ML security — attacks, tools, research, and defenses. Covers offensive AI, securing AI systems, AI-assisted security operations, and governance.
    Updated 2 days, 3 hours ago; 0 stars, 0 forks, 0 watchers; created April 12, 2026, 4:30 p.m.; linked to 28 different CVEs.
  • (no description)
    Languages: Dockerfile, Makefile, Shell, JavaScript, TypeScript, Python, Batchfile, PowerShell, Mako, HTML
    Updated 2 days, 14 hours ago; 0 stars, 0 forks, 0 watchers; created April 12, 2026, 5 a.m.; linked to 4 different CVEs.
  • (no description)
    Languages: Dockerfile, Makefile, Shell, JavaScript, TypeScript, Python, Batchfile, PowerShell, Mako, HTML
    Updated 2 days, 7 hours ago; 0 stars, 0 forks, 0 watchers; created April 10, 2026, 3:11 a.m.; linked to 4 different CVEs.
  • A curated timeline of real AI agent security incidents, breaches, and vulnerabilities (2024-2026). Every entry sourced and dated.
    Topics: ai-agent-security, ai-agents, ai-security, awesome-list, cybersecurity, llm-security, mcp-security, prompt-injection, supply-chain-security
    Updated 4 days, 8 hours ago; 1 star, 0 forks, 0 watchers; created April 7, 2026, 2:19 p.m.; linked to 40 different CVEs.
  • (no description)
    Languages: Makefile, Dockerfile, Shell, JavaScript, TypeScript, Python, Batchfile, PowerShell, Mako, HTML
    Updated 1 week ago; 0 stars, 0 forks, 0 watchers; created April 7, 2026, 11:25 a.m.; linked to 4 different CVEs.
  • A curated corpus of incidents, attack vectors, failure modes, and defensive tools for autonomous AI agents.
    Topics: agent-skills, ai, ai-agents, claude, claude-code, codex, llm, openclaw, prompt-injection, security, vibe-coding, ai-security, llm-security
    Updated 1 week, 2 days ago; 14 stars, 1 fork, 1 watcher; created March 30, 2026, 4:23 p.m.; linked to 8 different CVEs.
  • CTF recon console & API — nmap, web enum, flags (Solyd/HTB/GCTF), playbooks, optional domain recon
    Languages: Dockerfile, Python, PHP, HTML, Shell, JavaScript
    Updated 1 week, 3 days ago; 0 stars, 0 forks, 0 watchers; created March 26, 2026, 10:42 p.m.; linked to 1 CVE.
  • Comprehensive security checklist for deploying autonomous AI agents safely. Covers prompt injection, data exfiltration, tool-use safety, and autonomous execution risks.
    Topics: ai-agent-security, ai-agents, ai-safety, autonomous-agents, checklist, llm, llm-security, mcp, prompt-injection, security
    Updated 3 weeks, 1 day ago; 0 stars, 0 forks, 0 watchers; created March 22, 2026, 11:07 p.m.; linked to 4 different CVEs.
  • CVE-2026-33017 - An unauthenticated remote code execution in Langflow <= 1.8.1 via Public Flow Build Endpoint
    Languages: Python
    Updated 3 weeks, 2 days ago; 2 stars, 2 forks, 2 watchers; created March 21, 2026, 8:11 a.m.; linked to 2 different CVEs.
  • Langflow snapshot for internal testing
    Languages: Dockerfile, Makefile, Shell, JavaScript, TypeScript, Python, Mako, HTML, CSS, Batchfile
    Updated 3 weeks, 3 days ago; 0 stars, 0 forks, 0 watchers; created March 20, 2026, 6:50 p.m.; linked to 4 different CVEs.
  • Langflow at pre-CVE-2025-3248 fix commit for variant analysis benchmarking
    Updated 3 weeks, 4 days ago; 0 stars, 0 forks, 0 watchers; created March 20, 2026, 5:44 p.m.; linked to 1 CVE.
  • (no description)
    Languages: PowerShell, Python, TypeScript, Shell
    Updated 3 weeks, 4 days ago; 0 stars, 0 forks, 0 watchers; created March 19, 2026, 12:05 p.m.; linked to 4 different CVEs.
  • (no description)
    Languages: Shell, Python, Dockerfile, Java, PHP, Erlang, Groovy, Blade, HTML, JavaScript
    Updated 4 weeks, 2 days ago; 0 stars, 0 forks, 0 watchers; created March 15, 2026, 12:11 p.m.; linked to 1 CVE.
  • (no description)
    Languages: HTML, Shell
    Updated 1 month ago; 1 star, 0 forks, 0 watchers; created March 9, 2026, 1:39 p.m.; linked to 2 different CVEs.
  • VM Linux Category Medium
    Languages: Dockerfile, TypeScript, HTML, CSS, JavaScript, Python, Shell
    Updated 1 month ago; 0 stars, 0 forks, 0 watchers; created March 7, 2026, 11:41 p.m.; linked to 1 CVE.

Results are limited to the first 15 repositories due to potential performance issues.

The following list contains news articles that mention CVE-2025-3248 anywhere in the article.

  • TheCyberThrone
CISA adds Langflow and Trivy bugs to KEV Catalog

Langflow Code Injection Flaw Actively Exploited — CVE-2026-33017. CISA has added a critical code injection vulnerability in Langflow to its Known Exploited Vulnerabilities catalog, confirming active exp ...

Published Date: Mar 27, 2026 (2 weeks, 4 days ago)
  • The Hacker News
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabili ...

Published Date: Mar 20, 2026 (3 weeks, 4 days ago)
  • Daily CyberSecurity
High-Severity RCE Flaw in Atlassian Bamboo Threatens CI/CD Environments

Atlassian has sounded the alarm for users of its Bamboo Data Center, uncovering a high-severity Remote Code Execution (RCE) vulnerability that could allow attackers to seize control of development env ...

Published Date: Mar 19, 2026 (3 weeks, 5 days ago)
  • Help Net Security
Agentic attack chains advance as infostealers flood criminal markets

Cybercriminals spent much of 2025 automating their operations, shifting from one-off attacks to systems that can run entire intrusion cycles with minimal human input. Data collected from criminal foru ...

Published Date: Mar 12, 2026 (1 month ago)
  • CybersecurityNews
Top 10 High-Risk Vulnerabilities Of 2025 that Exploited in the Wild

The cybersecurity landscape in 2025 has been marked by an unprecedented surge in critical vulnerabilities, with over 21,500 CVEs disclosed in the first half of the year alone, representing a 16-18% in ...

Published Date: Jan 01, 2026 (3 months, 1 week ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
UK and US Blame Three Chinese Tech Firms for Global Cyberattacks

A coalition of international cybersecurity agencies led by the UK's National Cyber Security Centre (NCSC) has publicly linked three China-based technology companies to a long-running global cyberattac ...

Published Date: Aug 28, 2025 (7 months, 2 weeks ago)
  • Daily CyberSecurity
Langflow Hit by Privilege Escalation Flaw: CVE-2025-57760

Log into UI as new superuser. The Langflow project has issued an important security advisory regarding a newly discovered vulnerability that poses a severe risk to organizations deploying AI-powered wo ...

Published Date: Aug 26, 2025 (7 months, 2 weeks ago)
  • Cyber Security News
Hackers Exploiting Critical Langflow Vulnerability to Deploy Flodrix Botnet and Take System Control

Langflow, the popular Python framework for rapid AI prototyping, is under siege after researchers disclosed CVE-2025-3248, a flaw in the /api/v1/validate/code endpoint that lets unauthenticated attack ...

Published Date: Jun 30, 2025 (9 months, 2 weeks ago)
  • Dark Reading
Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet

Attackers are actively targeting a critical flaw in a popular Python-based Web app for building AI agents and workflows to unleash a powerful botnet that can cause fu ...

Published Date: Jun 17, 2025 (9 months, 4 weeks ago)
  • The Hacker News
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers u ...

Published Date: Jun 17, 2025 (9 months, 4 weeks ago)
  • Cyber Security News
Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet

Security researchers have uncovered an active cyberattack campaign targeting Langflow servers through CVE-2025-3248, a critical remote code execution vulnerability that allows threat actors to deploy ...

Published Date: Jun 17, 2025 (9 months, 4 weeks ago)
  • Trend Micro
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

Summary: Trend™ Research has identified an active campaign exploiting CVE-2025-3248 to deliver the Flodrix botnet. Attackers use the vulnerability to execute downloader scripts on compromised Langflow ...

Published Date: Jun 17, 2025 (9 months, 4 weeks ago)
  • Daily CyberSecurity
Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet

Trend Micro has uncovered an active and sophisticated campaign exploiting a critical remote code execution (RCE) vulnerability in Langflow, a popular open-source framework for building AI applications ...

Published Date: Jun 16, 2025 (9 months, 4 weeks ago)
  • europa.eu
Cyber Brief 25-06 - May 2025

Cyber Brief (May 2025), June 3, 2025, Version: 1, TLP:CLEAR. Executive summary: We analysed 328 open source reports for this Cyber Brief. Relating to cyber policy and law enforcement, in Europe, seven EU Mem ...

Published Date: Jun 03, 2025 (10 months, 1 week ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA

CISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch to version 1.3.0 now! In April 2025, cybersecurity researcher ...

Published Date: May 07, 2025 (11 months, 1 week ago)
  • Help Net Security
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)

Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that "may be under limited, targeted exploitation." About CVE-2025-27363 CVE- ...

Published Date: May 07, 2025 (11 months, 1 week ago)
  • Dark Reading
'Easily Exploitable' Langflow Vulnerability Requires Immediate Patching

A critical flaw found in the open source Langflow platform was added to the US Cybersecurity and Infrastructure Security Agency's (CISA's) Know ...

Published Date: May 06, 2025 (11 months, 1 week ago)
  • BleepingComputer
Critical Langflow RCE flaw exploited to hack AI app servers

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitig ...

Published Date: May 06, 2025 (11 months, 1 week ago)
  • TheCyberThrone
CISA Adds Langflow flaw to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-3248, a critical vulnerability in Langflow, to its Known Exploited Vulnerabilities (KEV) Catalog, citing activ ...

Published Date: May 06, 2025 (11 months, 1 week ago)
  • Help Net Security
RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)

A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its ...

Published Date: May 06, 2025 (11 months, 1 week ago)

The following table lists the changes that have been made to the CVE-2025-3248 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Nov. 06, 2025

    Action Type Old Value New Value
    Added Reference Type VulnCheck: https://www.vulncheck.com/advisories/langflow-unauthenticated-rce Types: Third Party Advisory
  • CVE Modified by [email protected]

    Nov. 04, 2025

    Action Type Old Value New Value
    Added Reference https://www.vulncheck.com/advisories/langflow-unauthenticated-rce
  • Modified Analysis by [email protected]

    Oct. 31, 2025

    Action Type Old Value New Value
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248
  • Initial Analysis by [email protected]

    May. 07, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-94
    Added CWE CWE-306
    Added CPE Configuration OR *cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:* versions up to (excluding) 1.3.0
    Added Reference Type VulnCheck: https://github.com/langflow-ai/langflow/pull/6911 Types: Patch
    Added Reference Type VulnCheck: https://github.com/langflow-ai/langflow/releases/tag/1.3.0 Types: Release Notes
    Added Reference Type VulnCheck: https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/ Types: Exploit, Third Party Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    May. 06, 2025

    Action Type Old Value New Value
    Added Date Added 2025-05-05
    Added Due Date 2025-05-26
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Langflow Missing Authentication Vulnerability
  • CVE Modified by [email protected]

    Apr. 09, 2025

    Action Type Old Value New Value
    Added Reference https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
  • New CVE Received by [email protected]

    Apr. 07, 2025

    Action Type Old Value New Value
    Added Description Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-306
    Added Reference https://github.com/langflow-ai/langflow/pull/6911
    Added Reference https://github.com/langflow-ai/langflow/releases/tag/1.3.0
EPSS is a daily estimate of the probability that exploitation activity will be observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.