CVE-2025-3248

Published Apr 7, 2025

Last updated 8 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.

Description
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
Source
disclosure@vulncheck.com
NVD status
Analyzed
Products
langflow

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Langflow Missing Authentication Vulnerability
Exploit added on
May 5, 2025
Exploit action due
May 26, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

disclosure@vulncheck.com
CWE-306
nvd@nist.gov
CWE-94

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

3

  1. Sysdig says it documented the first ransomware attack run entirely by an AI agent, no human at the controls. JADEPUFFER hit an internet-facing Langflow server via CVE-2025-3248, encrypted a production database, and left its own Bitcoin ransom note. Full breach, no operator. https

    @ShortInfoNews

    5 Jul 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 1/4 🚨 Cyber Snapshot: July 5, 2026 Sysdig has documented what they assess to be the first case of agentic ransomware driven end-to-end by an LLM agent. JADEPUFFER used an autonomous LLM to exploit CVE-2025-3248 (unauth RCE in Langflow), pivot, escalate, establish persistence,

    @seoscottsdale

    5 Jul 2026

    84 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    3 Replies

    0 Quotes

  3. JADEPUFFER Agentic Ransomware Exploits Langflow CVE-2025-3248 and Nacos CVE-2021-29441. https://t.co/bkDNPhMJQb #ThreatIntel #CVE_2025_3248 #CVE_2021_29441 #JADEPUFFER https://t.co/vBblI1lh1r

    @threadlinqs

    5 Jul 2026

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. TRC analysis reveals JadePuffer ransomware deployed an autonomous AI agent that executed a complete attack chain without human intervention. The AI exploited CVE-2025-3248, escalated privileges, moved laterally across systems, and encrypted 1,342 service configurations. Runtime

    @aviatrixtrc

    4 Jul 2026

    121 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. باج افزاری به نام JadePuffer منتشر شده که با ساختار LLM ایجاد شده است، ‌این باج افزار ابتدا با اکسپلویت کردن آسیب پذیری با کد شناسایی CVE-2025-3248 ، دسترسی اولیه به سی

    @AmirHossein_sec

    4 Jul 2026

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Agentic AI Used to Conduct Ransomware Attack via Langflow Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement. https://t.co/ingV9nnOs5 https://t.co/uXLl0eh2B9

    @StetsonCG

    4 Jul 2026

    62 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  7. JadePuffer ransomware used an autonomous LLM agent to run a full attack chain: exploiting CVE-2025-3248 in Langflow for initial access, pivoting to MySQL via root creds. #DFIR_Radar https://t.co/nRIW8YdfA2

    @DFIR_Radar

    4 Jul 2026

    189 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    2 Replies

    0 Quotes

  8. AI AGENT BARU AJA BIKIN SEJARAH GELAP, PERTAMA KALI FULL AUTONOMOUS RANSOMWARE! Sysdig baru document JADEPUFFER (2-3 Juli 2026). Ini BUKAN manusia di belakang keyboard. Ini LLM agent yang: • Exploit CVE-2025-3248 di Langflow instance yang exposed • Harvest API keys, cloud

    @bryanonchain

    4 Jul 2026

    83 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    1 Reply

    0 Quotes

  9. JADEPUFFER is the first documented fully agentic ransomware: an LLM autonomously exploited known CVE-2025-3248 MGwXSefHMCUXXGj1vH9HdtrtjJmkmG1ZDNBbq2vpump

    @mthego4t

    3 Jul 2026

    391 Impressions

    1 Retweet

    8 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. JADEPUFFER is the first documented end-to-end LLM-driven ransomware operation, exploiting CVE-2025-3248 in Langflow to chain recon, lateral movement, and database destruction with no human at the keyboard. Key findings: - Initial access via CVE-2025-3248, a no-auth remote code

    @DFIR_Radar

    3 Jul 2026

    352 Impressions

    2 Retweets

    5 Likes

    2 Bookmarks

    4 Replies

    0 Quotes

  11. 🚨 全球首例完全自主的 AI Agent 勒索攻击曝光 安全公司 Sysdig 记录到一起由 AI 智能体(代号为 JADEPUFFER)独立完成的勒索攻击事件,这标志着网络安全领域进入了新的纪元。 攻击全流程实现自动化: • 借助 Langfl

    @lilihaoha

    3 Jul 2026

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. An AI agent ran a ransomware attack end-to-end 🤖🔒 Sysdig's "JADEPUFFER" broke into Langflow (CVE-2025-3248), harvested secrets, encrypted 1,342 configs — and fixed its own failed login in 31 seconds. The barrier for attacks just hit ~zero. 🎥 https://t.co/1kI6sHQzop

    @asamitalex

    3 Jul 2026

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. The security shop’s research team named the agentic intruder JadePuffer and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248, and then ran a fully automated attack. #cybersecurity https://t.co/vEGN1yWECf

    @cybertzar

    3 Jul 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. 1/3 Sysdig found the first fully AI-automated ransomware attack. JADEPUFFER used CVE-2025-3248 in Langflow (unauthenticated RCE) to break in, steal cloud credentials, encrypt a production database, and wipe it with no human in the loop. #ransomware #AI #CVE #cybersecurity

    @CyberTLDR

    3 Jul 2026

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Un agent d'IA va encadenar sol tota una campanya d'extorsió -accés via Langflow (CVE-2025-3248), robatori de credencials, moviment lateral- i va xifrar/esborrar dades de configuració sense guardar la clau per desencriptar-les. Un autèntic agent del caos. https://t.co/qSxqtcR

    @lalgorisme

    3 Jul 2026

    847 Impressions

    13 Retweets

    13 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  16. 'first' end-to-end agentic ransomware attack the agentic intruder JadePuffer and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248 https://t.co/GOkwnqevJj

    @wikinger7

    3 Jul 2026

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. AI Agent Turns Langflow RCE into Full Ransomware Operation Sysdig has documented JADEPUFFER, the first known end-to-end agentic ransomware attack. An LLM exploited unpatched CVE-2025-3248 in an exposed Langflow instance, harvested credentials, pivoted to a production MySQL/Nacos

    @JAVI_MEI

    3 Jul 2026

    124 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  18. ランサムウェア犯さん、エージェント型AIによる攻撃の完全自動化に成功。Sysdig社報告。脅威をJadePufferと命名。LangflowのCVE-2025-3248から初期アクセスし、MySQLにrootで接続。root認証情報の取得契機は不明。その後

    @__kokumoto

    2 Jul 2026

    1528 Impressions

    8 Retweets

    19 Likes

    11 Bookmarks

    0 Replies

    1 Quote

  19. JADEPUFFER is the first fully autonomous ransomware run entirely by an AI agent. - Exploited CVE-2025-3248 to target Langflow instances and escalate to production databases. - Conducted all stages of a database extortion campaign without human involvement. https://t.co/IrnPpF

    @threatcluster

    2 Jul 2026

    146 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. CVE-2025-3248: un agente de IA explotó Langflow RCE para robar secretos, moverse lateralmente y cifrar 1,342 items de configuración. https://t.co/VIJg8DgueX

    @NeoteoCom

    2 Jul 2026

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. TRC analysis reveals JADEPUFFER AI agent autonomously executed a full ransomware attack chain—from CVE-2025-3248 exploitation through lateral movement to database encryption. The agent harvested credentials, pivoted across systems, and encrypted production databases without hum

    @aviatrixtrc

    2 Jul 2026

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Cybersecurity firm Sysdig has found what could be the first ransomware attack to be fully conducted by an AI operator. This new operator has been dubbed 'JADEPUFFER', and has exploited CVE-2025-3248; which is related to open-source tool Langflow. This CVE takes advantage of the

    @Leila97726926

    2 Jul 2026

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 Sysdig says it has found the first ransomware attack run entirely by an AI agent. Dubbed JADEPUFFER, the operation - exploited CVE-2025-3248 (unauthenticated RCE in Langflow, patched since 2025), - harvested API keys and cloud credentials, pivoted via a 2021 Nacos auth

    @techepages

    2 Jul 2026

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🔥 An AI agent turned Langflow RCE into automated database extortion. CVE-2025-3248 exploited to steal secrets, move laterally, hijack Nacos, encrypt 1,342 configuration items, and drop database schemas. Inside the attack chain: https://t.co/cOH8aKxW2o https://t.co/ZSs6GEFiQ9

    @TheHackersNews

    2 Jul 2026

    16522 Impressions

    20 Retweets

    45 Likes

    14 Bookmarks

    3 Replies

    0 Quotes

  25. First documented agentic ransomware: JADEPUFFER ran a fully automated database extortion operation end-to-end via LLM, exploiting CVE-2025-3248 in Langflow to pivot and destroy 1,342 Nacos configs. - CVE-2025-3248 is an unauthenticated RCE in Langflow's code-validation endpoint.

    @DFIR_Radar

    1 Jul 2026

    195 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Langflowの認証不要RCE脆弱性CVE-2026-33017を悪用してクリプトマイナーを展開するキャンペーンが観測されています。Langflowは2025年6月のCVE-2025-3248(Flodrixボットネットが悪用)に続き、1年で2度目の同種のRCEが突か

    @MalwareBibleJP

    30 Jun 2026

    1220 Impressions

    0 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  27. 1/ CISA added CVE-2025-3248 in Langflow to the Known Exploited Vulnerabilities catalog. Every vendor blog will frame this as "AI infrastructure under attack" like it's some new threat category. It's a pre-auth remote code execution bug in a Python web app. That's it. That's the

    @4A4556494C

    23 May 2026

    285 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  28. 🚨 CISA just added 2 actively exploited vulnerabilities to the KEV catalog: Langflow (CVE-2025-3248) & Trend Micro Apex One (CVE-2025-24132). Attackers are moving fast. Are you patching faster? Read the full breakdown: https://t.co/tSl22BTD08...

    @cybernytronx

    22 May 2026

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Langflow CVE-2025-3248: unauthenticated remote code execution via an API endpoint. Affects all versions before 1.3.0. If your AI agent stack includes Langflow, update it. Published April 2025. https://t.co/AGY4Zwp1tz

    @DarshanSays

    29 Apr 2026

    172 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  30. `Langflow` is affected by an unauthenticated RCE vulnerability (CVE-2025-3248). Assess system exposure and implement network access controls. #Langflow #RCE #infosec https://t.co/wKqmrCT51p

    @pulsepatchio

    2 Apr 2026

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CVE-2025-3248 — Langflow's /api/v1/validate/code executes user-supplied Python before auth. CVSS 9.8. CISA KEV. Post-RCE, attackers run printenv. Langflow holds LLM API keys, database conxn strings, and cloud creds. High value density in a single process. #AIAgents

    @DFIR_TNT

    30 Mar 2026

    175 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Langflow just got its second CISA KEV in two years. CVE-2026-33017. Same exec() architecture as CVE-2025-3248. Attackers went from advisory to credential harvesting in 24 hours - no PoC required. This is not a patch problem. It is an architecture problem that was never fixed.

    @jlabernathy

    28 Mar 2026

    121 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. I found CVE-2026-33017, a Critical 9.3 unauthenticated RCE in Langflow, by looking at the code path the previous CISA KEV fix (CVE-2025-3248) missed. - https://t.co/gFBy4aiRQe #aisecurity #langflowvulnerability

    @hackernoon

    26 Mar 2026

    338 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Another feature update today, focused on two new CVEs, now live on Github, see details below: CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is below known safe versions. CVE-2025-34291 - Looks at both version and web security settings.

    @CoyoteSecure

    22 Feb 2026

    4493 Impressions

    1 Retweet

    7 Likes

    3 Bookmarks

    0 Replies

    2 Quotes

  35. As you all know by now, weekends is when I code on Coyote, and today has been a busy day! Just pushed another update, this one to address two recent security vulnerabilities, details below. CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is

    @CoyoteSecure

    22 Feb 2026

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. 1/3 geçen sene CVE-2025-3248 ve CVE-2025-57760 açıklarını shodan,zoomeye,fofa gibi yerlerde exploit eden bi tool yazmıştım threat hunt amaçlı. Bayağı da bi sunucu rootlandı.

    @testaccountogul

    13 Jan 2026

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/6PcerXypgU

    @Loginsoft_Intel

    10 Jan 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/9cN1CjZrzs

    @Loginsoft_Intel

    10 Jan 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🚨 أعلى 10 ثغرات عالية الخطورة في 2025 واستُغلت فعلاً في البرية 🚨 🔐 كشف تقرير CyberSecurityNews عن أخطر الثغرات التي هزّت الأمن السيبراني في 2025 — تأثيرها كان كبيرً

    @Infoandtech3

    2 Jan 2026

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 2025年 実際に悪用された高リスク脆弱性 Top10 1 Langflow 未認証コード実行 CVE-2025-3248 2 Microsoft SharePoint Server RCE(ToolShell) CVE-2025-53770 / CVE-2025-53771 3 sudo 権限昇格(chroot処理不備) CVE-2025-32463 4 Docker Desktop コンテ

    @yousukezan

    1 Jan 2026

    1476 Impressions

    1 Retweet

    15 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  41. Top 10 High-Risk Vulnerabilities of 2025 Langflow Unauthorized Code Injection Vulnerability (CVE-2025-3248): With a CVSS score of 9.8, this vulnerability stems from inadequate sandbox isolation and missing input filtering, enabling attackers to inject malicious code via API

    @blackorbird

    25 Dec 2025

    6818 Impressions

    2 Retweets

    18 Likes

    7 Bookmarks

    0 Replies

    1 Quote

  42. BREAKING: CVE-2025-3248 exposes critical vulnerability in AI agent frameworks - attackers can manipulate agent behavior via unauthenticated requests, plant backdoors in AI-generated code, achieve arbitrary code execution. Thread on the 6 critical security gaps enterprises face:

    @godel_sh

    5 Nov 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. 🚨 CVE-2025-3248: Langflow RCE PoC ⚠️ Only for educational purposes & ethical hacking 👍 Like, comment & share if this helped! #CyberSecurity #EthicalHacking #CVE #Exploit #PoC #RedTeam #BugBounty #Infosec #Pentesting #OSCP https://t.co/aWCluy3X9h

    @r0otk3r

    29 Oct 2025

    94 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Langflow: CVE-2025-3248: Active Exploitation https://t.co/sLho1n0Kv4

    @Karma_X_Inc

    19 Oct 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. New post: "LangflowのCVE-2025-3248を例としたFalcoによるCI/CDセキュリティ強化 | SHIFT Group 技術ブログ" https://t.co/JYj79FOVIB

    @OCGOT1616

    18 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. ”攻撃者は、本脆弱性に未対処のLangflowサーバ上でダウンロード用スクリプトを実行し、Flodrixのマルウェアをインストールします” #AI AI開発ツール「Langflow」の重大な脆弱性「CVE-2025-3248」を悪用してFlodrix

    @zubora_engineer

    18 Aug 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. AI開発ツール「Langflow」の重大な脆弱性「CVE-2025-3248」を悪用してFlodrixボットネットを ... https://t.co/UxuJUt5m96 #izumino_trend

    @sec_trend

    16 Aug 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 ثغرة CVE-2025-3248 #RCE في Langflow (<1.3.0) ​ تنفيذ تعليمات برمجية Python عشوائية دون مصادقة. ​ 🔹 Endpoint: /api/v1/validate/code ​ 🔹 Impact: Remote code execution ​ 🔍 Query: title:"Langflow" favicon:66f2ee4a ​

    @CriminalIP_AR

    28 Jul 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🚨 CVE-2025-3248 #RCE in Langflow (<1.3.0) Allows arbitrary Python code execution without auth. One malicious POST can lead to full server compromise. 🔹 Endpoint: /api/v1/validate/code 🔹 Impact: Remote code execution 🔍 Query: title:"Langflow" favicon:66f2ee4a Deta

    @CriminalIP_US

    25 Jul 2025

    141 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  50. In our latest blog article, we demonstrate how to simulate with M&NTIS, and detect with #𝐒𝐮𝐫𝐢𝐜𝐚𝐭𝐚, an exploitation attempt of CVE-2025-3248 targeting Langflow: https://t.co/AksewxinQZ

    @mantis_platform

    22 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations