CVE-2025-3248
Published Apr 7, 2025
Last updated 8 months ago
AI description
CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.
- Description
- Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- langflow
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Langflow Missing Authentication Vulnerability
- Exploit added on
- May 5, 2025
- Exploit action due
- May 26, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3
Sysdig says it documented the first ransomware attack run entirely by an AI agent, no human at the controls. JADEPUFFER hit an internet-facing Langflow server via CVE-2025-3248, encrypted a production database, and left its own Bitcoin ransom note. Full breach, no operator. https
@ShortInfoNews
5 Jul 2026
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/4 🚨 Cyber Snapshot: July 5, 2026 Sysdig has documented what they assess to be the first case of agentic ransomware driven end-to-end by an LLM agent. JADEPUFFER used an autonomous LLM to exploit CVE-2025-3248 (unauth RCE in Langflow), pivot, escalate, establish persistence,
@seoscottsdale
5 Jul 2026
84 Impressions
1 Retweet
1 Like
0 Bookmarks
3 Replies
0 Quotes
JADEPUFFER Agentic Ransomware Exploits Langflow CVE-2025-3248 and Nacos CVE-2021-29441. https://t.co/bkDNPhMJQb #ThreatIntel #CVE_2025_3248 #CVE_2021_29441 #JADEPUFFER https://t.co/vBblI1lh1r
@threadlinqs
5 Jul 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis reveals JadePuffer ransomware deployed an autonomous AI agent that executed a complete attack chain without human intervention. The AI exploited CVE-2025-3248, escalated privileges, moved laterally across systems, and encrypted 1,342 service configurations. Runtime
@aviatrixtrc
4 Jul 2026
121 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
باج افزاری به نام JadePuffer منتشر شده که با ساختار LLM ایجاد شده است، این باج افزار ابتدا با اکسپلویت کردن آسیب پذیری با کد شناسایی CVE-2025-3248 ، دسترسی اولیه به سی
@AmirHossein_sec
4 Jul 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Agentic AI Used to Conduct Ransomware Attack via Langflow Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement. https://t.co/ingV9nnOs5 https://t.co/uXLl0eh2B9
@StetsonCG
4 Jul 2026
62 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
JadePuffer ransomware used an autonomous LLM agent to run a full attack chain: exploiting CVE-2025-3248 in Langflow for initial access, pivoting to MySQL via root creds. #DFIR_Radar https://t.co/nRIW8YdfA2
@DFIR_Radar
4 Jul 2026
189 Impressions
0 Retweets
1 Like
0 Bookmarks
2 Replies
0 Quotes
AI AGENT BARU AJA BIKIN SEJARAH GELAP, PERTAMA KALI FULL AUTONOMOUS RANSOMWARE! Sysdig baru document JADEPUFFER (2-3 Juli 2026). Ini BUKAN manusia di belakang keyboard. Ini LLM agent yang: • Exploit CVE-2025-3248 di Langflow instance yang exposed • Harvest API keys, cloud
@bryanonchain
4 Jul 2026
83 Impressions
0 Retweets
1 Like
1 Bookmark
1 Reply
0 Quotes
JADEPUFFER is the first documented fully agentic ransomware: an LLM autonomously exploited known CVE-2025-3248 MGwXSefHMCUXXGj1vH9HdtrtjJmkmG1ZDNBbq2vpump
@mthego4t
3 Jul 2026
391 Impressions
1 Retweet
8 Likes
0 Bookmarks
1 Reply
0 Quotes
JADEPUFFER is the first documented end-to-end LLM-driven ransomware operation, exploiting CVE-2025-3248 in Langflow to chain recon, lateral movement, and database destruction with no human at the keyboard. Key findings: - Initial access via CVE-2025-3248, a no-auth remote code
@DFIR_Radar
3 Jul 2026
352 Impressions
2 Retweets
5 Likes
2 Bookmarks
4 Replies
0 Quotes
🚨 全球首例完全自主的 AI Agent 勒索攻击曝光 安全公司 Sysdig 记录到一起由 AI 智能体(代号为 JADEPUFFER)独立完成的勒索攻击事件,这标志着网络安全领域进入了新的纪元。 攻击全流程实现自动化: • 借助 Langfl
@lilihaoha
3 Jul 2026
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
An AI agent ran a ransomware attack end-to-end 🤖🔒 Sysdig's "JADEPUFFER" broke into Langflow (CVE-2025-3248), harvested secrets, encrypted 1,342 configs — and fixed its own failed login in 31 seconds. The barrier for attacks just hit ~zero. 🎥 https://t.co/1kI6sHQzop
@asamitalex
3 Jul 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The security shop’s research team named the agentic intruder JadePuffer and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248, and then ran a fully automated attack. #cybersecurity https://t.co/vEGN1yWECf
@cybertzar
3 Jul 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
1/3 Sysdig found the first fully AI-automated ransomware attack. JADEPUFFER used CVE-2025-3248 in Langflow (unauthenticated RCE) to break in, steal cloud credentials, encrypt a production database, and wipe it with no human in the loop. #ransomware #AI #CVE #cybersecurity
@CyberTLDR
3 Jul 2026
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Un agent d'IA va encadenar sol tota una campanya d'extorsió -accés via Langflow (CVE-2025-3248), robatori de credencials, moviment lateral- i va xifrar/esborrar dades de configuració sense guardar la clau per desencriptar-les. Un autèntic agent del caos. https://t.co/qSxqtcR
@lalgorisme
3 Jul 2026
847 Impressions
13 Retweets
13 Likes
2 Bookmarks
1 Reply
0 Quotes
'first' end-to-end agentic ransomware attack the agentic intruder JadePuffer and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248 https://t.co/GOkwnqevJj
@wikinger7
3 Jul 2026
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AI Agent Turns Langflow RCE into Full Ransomware Operation Sysdig has documented JADEPUFFER, the first known end-to-end agentic ransomware attack. An LLM exploited unpatched CVE-2025-3248 in an exposed Langflow instance, harvested credentials, pivoted to a production MySQL/Nacos
@JAVI_MEI
3 Jul 2026
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
ランサムウェア犯さん、エージェント型AIによる攻撃の完全自動化に成功。Sysdig社報告。脅威をJadePufferと命名。LangflowのCVE-2025-3248から初期アクセスし、MySQLにrootで接続。root認証情報の取得契機は不明。その後
@__kokumoto
2 Jul 2026
1528 Impressions
8 Retweets
19 Likes
11 Bookmarks
0 Replies
1 Quote
JADEPUFFER is the first fully autonomous ransomware run entirely by an AI agent. - Exploited CVE-2025-3248 to target Langflow instances and escalate to production databases. - Conducted all stages of a database extortion campaign without human involvement. https://t.co/IrnPpF
@threatcluster
2 Jul 2026
146 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248: un agente de IA explotó Langflow RCE para robar secretos, moverse lateralmente y cifrar 1,342 items de configuración. https://t.co/VIJg8DgueX
@NeoteoCom
2 Jul 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis reveals JADEPUFFER AI agent autonomously executed a full ransomware attack chain—from CVE-2025-3248 exploitation through lateral movement to database encryption. The agent harvested credentials, pivoted across systems, and encrypted production databases without hum
@aviatrixtrc
2 Jul 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity firm Sysdig has found what could be the first ransomware attack to be fully conducted by an AI operator. This new operator has been dubbed 'JADEPUFFER', and has exploited CVE-2025-3248; which is related to open-source tool Langflow. This CVE takes advantage of the
@Leila97726926
2 Jul 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Sysdig says it has found the first ransomware attack run entirely by an AI agent. Dubbed JADEPUFFER, the operation - exploited CVE-2025-3248 (unauthenticated RCE in Langflow, patched since 2025), - harvested API keys and cloud credentials, pivoted via a 2021 Nacos auth
@techepages
2 Jul 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 An AI agent turned Langflow RCE into automated database extortion. CVE-2025-3248 exploited to steal secrets, move laterally, hijack Nacos, encrypt 1,342 configuration items, and drop database schemas. Inside the attack chain: https://t.co/cOH8aKxW2o https://t.co/ZSs6GEFiQ9
@TheHackersNews
2 Jul 2026
16522 Impressions
20 Retweets
45 Likes
14 Bookmarks
3 Replies
0 Quotes
First documented agentic ransomware: JADEPUFFER ran a fully automated database extortion operation end-to-end via LLM, exploiting CVE-2025-3248 in Langflow to pivot and destroy 1,342 Nacos configs. - CVE-2025-3248 is an unauthenticated RCE in Langflow's code-validation endpoint.
@DFIR_Radar
1 Jul 2026
195 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Langflowの認証不要RCE脆弱性CVE-2026-33017を悪用してクリプトマイナーを展開するキャンペーンが観測されています。Langflowは2025年6月のCVE-2025-3248(Flodrixボットネットが悪用)に続き、1年で2度目の同種のRCEが突か
@MalwareBibleJP
30 Jun 2026
1220 Impressions
0 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
1/ CISA added CVE-2025-3248 in Langflow to the Known Exploited Vulnerabilities catalog. Every vendor blog will frame this as "AI infrastructure under attack" like it's some new threat category. It's a pre-auth remote code execution bug in a Python web app. That's it. That's the
@4A4556494C
23 May 2026
285 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 CISA just added 2 actively exploited vulnerabilities to the KEV catalog: Langflow (CVE-2025-3248) & Trend Micro Apex One (CVE-2025-24132). Attackers are moving fast. Are you patching faster? Read the full breakdown: https://t.co/tSl22BTD08...
@cybernytronx
22 May 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Langflow CVE-2025-3248: unauthenticated remote code execution via an API endpoint. Affects all versions before 1.3.0. If your AI agent stack includes Langflow, update it. Published April 2025. https://t.co/AGY4Zwp1tz
@DarshanSays
29 Apr 2026
172 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
`Langflow` is affected by an unauthenticated RCE vulnerability (CVE-2025-3248). Assess system exposure and implement network access controls. #Langflow #RCE #infosec https://t.co/wKqmrCT51p
@pulsepatchio
2 Apr 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 — Langflow's /api/v1/validate/code executes user-supplied Python before auth. CVSS 9.8. CISA KEV. Post-RCE, attackers run printenv. Langflow holds LLM API keys, database conxn strings, and cloud creds. High value density in a single process. #AIAgents
@DFIR_TNT
30 Mar 2026
175 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Langflow just got its second CISA KEV in two years. CVE-2026-33017. Same exec() architecture as CVE-2025-3248. Attackers went from advisory to credential harvesting in 24 hours - no PoC required. This is not a patch problem. It is an architecture problem that was never fixed.
@jlabernathy
28 Mar 2026
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I found CVE-2026-33017, a Critical 9.3 unauthenticated RCE in Langflow, by looking at the code path the previous CISA KEV fix (CVE-2025-3248) missed. - https://t.co/gFBy4aiRQe #aisecurity #langflowvulnerability
@hackernoon
26 Mar 2026
338 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Another feature update today, focused on two new CVEs, now live on Github, see details below: CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is below known safe versions. CVE-2025-34291 - Looks at both version and web security settings.
@CoyoteSecure
22 Feb 2026
4493 Impressions
1 Retweet
7 Likes
3 Bookmarks
0 Replies
2 Quotes
As you all know by now, weekends is when I code on Coyote, and today has been a busy day! Just pushed another update, this one to address two recent security vulnerabilities, details below. CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is
@CoyoteSecure
22 Feb 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
1/3 geçen sene CVE-2025-3248 ve CVE-2025-57760 açıklarını shodan,zoomeye,fofa gibi yerlerde exploit eden bi tool yazmıştım threat hunt amaçlı. Bayağı da bi sunucu rootlandı.
@testaccountogul
13 Jan 2026
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/6PcerXypgU
@Loginsoft_Intel
10 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/9cN1CjZrzs
@Loginsoft_Intel
10 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 أعلى 10 ثغرات عالية الخطورة في 2025 واستُغلت فعلاً في البرية 🚨 🔐 كشف تقرير CyberSecurityNews عن أخطر الثغرات التي هزّت الأمن السيبراني في 2025 — تأثيرها كان كبيرً
@Infoandtech3
2 Jan 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025年 実際に悪用された高リスク脆弱性 Top10 1 Langflow 未認証コード実行 CVE-2025-3248 2 Microsoft SharePoint Server RCE(ToolShell) CVE-2025-53770 / CVE-2025-53771 3 sudo 権限昇格(chroot処理不備) CVE-2025-32463 4 Docker Desktop コンテ
@yousukezan
1 Jan 2026
1476 Impressions
1 Retweet
15 Likes
7 Bookmarks
0 Replies
0 Quotes
Top 10 High-Risk Vulnerabilities of 2025 Langflow Unauthorized Code Injection Vulnerability (CVE-2025-3248): With a CVSS score of 9.8, this vulnerability stems from inadequate sandbox isolation and missing input filtering, enabling attackers to inject malicious code via API
@blackorbird
25 Dec 2025
6818 Impressions
2 Retweets
18 Likes
7 Bookmarks
0 Replies
1 Quote
BREAKING: CVE-2025-3248 exposes critical vulnerability in AI agent frameworks - attackers can manipulate agent behavior via unauthenticated requests, plant backdoors in AI-generated code, achieve arbitrary code execution. Thread on the 6 critical security gaps enterprises face:
@godel_sh
5 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-3248: Langflow RCE PoC ⚠️ Only for educational purposes & ethical hacking 👍 Like, comment & share if this helped! #CyberSecurity #EthicalHacking #CVE #Exploit #PoC #RedTeam #BugBounty #Infosec #Pentesting #OSCP https://t.co/aWCluy3X9h
@r0otk3r
29 Oct 2025
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Langflow: CVE-2025-3248: Active Exploitation https://t.co/sLho1n0Kv4
@Karma_X_Inc
19 Oct 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post: "LangflowのCVE-2025-3248を例としたFalcoによるCI/CDセキュリティ強化 | SHIFT Group 技術ブログ" https://t.co/JYj79FOVIB
@OCGOT1616
18 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
”攻撃者は、本脆弱性に未対処のLangflowサーバ上でダウンロード用スクリプトを実行し、Flodrixのマルウェアをインストールします” #AI AI開発ツール「Langflow」の重大な脆弱性「CVE-2025-3248」を悪用してFlodrix
@zubora_engineer
18 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AI開発ツール「Langflow」の重大な脆弱性「CVE-2025-3248」を悪用してFlodrixボットネットを ... https://t.co/UxuJUt5m96 #izumino_trend
@sec_trend
16 Aug 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ثغرة CVE-2025-3248 #RCE في Langflow (<1.3.0) تنفيذ تعليمات برمجية Python عشوائية دون مصادقة. 🔹 Endpoint: /api/v1/validate/code 🔹 Impact: Remote code execution 🔍 Query: title:"Langflow" favicon:66f2ee4a
@CriminalIP_AR
28 Jul 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 #RCE in Langflow (<1.3.0) Allows arbitrary Python code execution without auth. One malicious POST can lead to full server compromise. 🔹 Endpoint: /api/v1/validate/code 🔹 Impact: Remote code execution 🔍 Query: title:"Langflow" favicon:66f2ee4a Deta
@CriminalIP_US
25 Jul 2025
141 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
In our latest blog article, we demonstrate how to simulate with M&NTIS, and detect with #𝐒𝐮𝐫𝐢𝐜𝐚𝐭𝐚, an exploitation attempt of CVE-2025-3248 targeting Langflow: https://t.co/AksewxinQZ
@mantis_platform
22 Jul 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "464AFA20-81A9-41A6-B9F1-CD38B64C40C7",
"versionEndExcluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]