CVE-2025-3248

Actively exploited CVE : CVE-2025-3248

(🧵Thread) CVE-2025-3248: Renewed Interest in Langflow Remote Code Execution Key findings: 🔹 Despite initial hacker interest after the exploit's public release (April 9), attacks detected by the CrowdSec Network plummeted to near zero within days, likely due to rapid detec

Actively exploited CVE : CVE-2025-3248

GitHub - tiemio/RCE-CVE-2025-3248: This Python script exploits CVE-2025-3248 to execute arbitrary commands or spawn a reverse shell on a vulnerable system. Authentication is required to use this exploit. https://t.co/xRbdKjQpuL

Actively exploited CVE : CVE-2025-3248

#threatreport #LowCompleteness Langflow: CVE-2025-3248: Active Exploitation | 23-05-2025 Source: https://t.co/GWEJMHdwVw Key details below ↓ 🏭Industry: Government 🌐Geo: Singapore, Australia, Taiwan, Belgium, China, Israel, Germany, Hong kong, Brazil, Korea, Mexico, Thai

🚨 New CVE Alert: CVE-2025-3248 A critical missing authentication vulnerability affecting Langflow versions before 1.3.0 has been identified, with active exploitation attempts already observed in the wild. Our latest blog breaks down the risk, real-world activity, and how to ht

【MBSD-SOCの検知傾向トピックス】 2025年4月分#MBSD#SOCの検知傾向トピックスを公開しました。 今月は、Langflowの脆弱性（CVE-2025-3248）を狙った攻撃を観測しました。 ▼詳しくはこちらをご覧ください https://t.co/nMp

⚠️ Faille critique dans #Langflow (CVE-2025-3248) Une exécution de code à distance via exec() accessible sans authentification 😱 Article complet 👉 https://t.co/OOGZprNpJg #RCE #Cybersecurity #Python #OpenSource #IA https://t.co/fqnm8ZqzOf

آسیب پذیری جدیدی با کد شناسایی CVE-2025-3248 برای فریمورک Langflow منتشر شده است. این فریمورک که open source می باشد ، برای ساخت language model applications استفاده می شود. هکرها با اس

Actively exploited CVE : CVE-2025-3248

Attackers are hijacking #AI apps using a Langflow vulnerability (CVE-2025-3248). Unpatched AI workflows are being remotely taken over. If you run Langflow, patch now. https://t.co/weEIyqyK8E

The critical command injection vulnerability (CVE-2025-3248) disclosed in the Langflow web app last month is now being actively exploited, and Censys researcher Jackson Roilf explains the potential impact of the bug and how widespread the exploitation is. https://t.co/JkFYIIY5zt

CYBER ALERT 🚨 Langflow users: CVE-2025-3248 allows attackers to run code on your servers—putting AI apps, data, and uptime at risk. Update to v1.3.0 or isolate access now. #Langflow #CyberAlert #RCE #PatchNow #CVE20253248 #ZeroDay #AItools #TechNews https://t.co/MgZjcDT3kE

CVE-2025-3248 : Critical Langflow RCE flaw exploited to hack AI app servers https://t.co/mATBPqedC7 https://t.co/BbNh6UyVlo

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a serious security vulnerability in Langflow, an open-source AI workflow platform, that is now being actively exploited. The flaw, tracked as CVE-2025-3248, allows attackers to take full control of

📌 CISA adds actively exploited Langflow flaw (CVE-2025-3248, CVSS 9.8) to KEV catalog. #CyberSecurity #Vulnerability https://t.co/yMh3L7kFpS https://t.co/3Ef9GSlGlg

🗞️ Critical Langflow RCE Vulnerability Actively Exploited to Compromise AI Servers CISA warns of active exploitation of CVE-2025-3248, a critical Langflow RCE flaw allowing unauthenticated attackers to seize control of AI app servers. Organizations must urgently update to h

🚨 Actively Exploited: CVE-2025-3248 – Langflow Remote Code Execution Flaw 🚨  CISA has added Langflow’s unauthenticated RCE vulnerability to its known exploited list, urging immediate action.  About the vulnerability:  • Affects Langflow < v1.3.0  • Unau

米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。 🛡️No.1332 CVE-2025-3248 Langflow Missing Authentication Vulnerability ============= CVSSスコア：9.8 (Base) / VulnCheck CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 種別：重要

クリティカルなLangflow RCE欠陥が利用され、AIアプリのサーバーがハッキングされる(CVE-2025-3248) https://t.co/b69s8LBg6P #Security #セキュリティ #ニュース

「容易に悪用可能な」Langflowの脆弱性は、即時のパッチ適用が必要(CVE-2025-3248) https://t.co/0zKXsluTc8 #Security #セキュリティ #ニュース

[Critical vulnerability CVE-2025-3248 in Langflow] A critical CVE-2025-3248 vulnerability has been discovered in the Langflow platform, which allows remote execution of arbitrary code without authentication. The vulnerability is already actively used by attackers in real https:/

Langflowに認証なしでリモートコード実行を可能にする重大な脆弱性（CVE-2025-3248）が発見された。Pythonのexec()関数の不適切な使用により、攻撃者が任意のコマンドを実行可能。バージョン1.3.0で修正されたが、

🚨 Langflow RCE flaw (CVE-2025-3248) hits CISA KEV list Unauthenticated attackers can run arbitrary Python code via a public API—460+ servers exposed. Patch by May 26. https://t.co/Zhmrgagb0G #CyberSecurity #RCE https://t.co/pN3JlvWvf9

🔴 Hay una falla crítica de RCE (CVE-2025-3248) que permite a cualquier cibercriminal tomar el control de servidores Langflow. Langflow es una herramienta de programación visual de código abierto para crear flujos de trabajo basados ​​en LLM mediante componentes de Lang

⚠️ A critical RCE vulnerability, CVE-2025-3248, in Langflow has been exploited, allowing attackers to take control of servers via a flawed API. Upgrade to version 1.3.0 to mitigate risks. #Langflow #RCE #USA link: https://t.co/r4bcXK53YG https://t.co/8c3G7VjC0x

CVSS 9.8 Alert 🚨 CVE-2025-3248 has been identified in Langflow, a tool used for building applications with Large Language Models (LLMs). This vulnerability, a "Missing Authentication Vulnerability" in the /api/v1/validate/code endpoint, allows remote, unauthenticated attackers

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) https://t.co/7sMDybMdad #HelpNetSecurity #Cybersecurity https://t.co/9ua2lOCyU5

🚨 CVE Alert: Langflow Missing Authentication Vulnerability Exploited In The wild 🚨 Vulnerability Details:CVE-2025-3248 (CVSS v3 9.8/10) Langflow Missing Authentication Vulnerability Impact: A Successful exploit may allows a remote, unauthenticated attacker to execute htt

📌 Critical security flaw in open-source platform Langflow added to CISA's KEV catalog due to active exploitation. Vulnerability CVE-2025-3248 scores 9.8/10.0. #CyberSecurity #Langflow https://t.co/4rg2Wx34Km https://t.co/gOUXV3DxDu

📌 تم إضافة ثغرة أمنية حادة تؤثر على منصة Langflow مفتوحة المصدر إلى قائمة الثغرات المعروفة المستغلة (KEV) من قبل وكالة الأمن السيبراني الأمريكية (CISA)، نظراً لل

🛑 Critical Langflow Flaw Actively Exploited! CISA has added CVE-2025-3248 to its Known Exploited Vulnerabilities list. • CVSS: 9.8 • Affects most Langflow versions • Allows remote code execution without login • PoC exploit published April 9 • 466 servers exposed wo

🗣️ Langflow Under Attack: CISA Warns of Active Exploitation of CVE-2025-3248 https://t.co/dh5J1HWano

Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-3248 #Langflow Missing Authentication Vulnerability https://t.co/FDyDqGXhWP

🛡️ We added a Langflow missing authentication vulnerability CVE-2025-3248 to our Known Exploited Vulnerabilities Catalog. Visit Redirect to https://t.co/bJOgGeWmb8 & apply mitigations to protect your org from cyberattacks. https://t.co/yuLD3FJm8y

『The issue resides in the platform’s /api/v1/validate/code endpoint, which improperly invokes Python’s built-in exec() function on user-supplied code without authentication or sandboxing.』 CVE-2025-3248: RCE vulnerability in Langflow https://t.co/CpWbbJaAnO

Critical RCE flaw (CVE-2025-3248) hits Langflow, allowing unauthenticated attackers to execute arbitrary code. Patch to v1.3.0 now! This follows the recent PyTorch vuln, signaling major RCE risks in AI tools. 🛡️ #Cybersecurity #Langflow #AI https://t.co/HzhqmhaYMe

CVE-2025-3248 is a vulnerability that allows attackers to perform remote code execution by exploiting Langflow’s API endpoint. Mitigate this vulnerability immediately by updating to version 1.3.0. Learn more here: https://t.co/4d2zWD7xVI https://t.co/piYN2T9fUc

Metasploitが最新アップデートを発表。新オプション「PIPE_FETCH」でfetch payloadのコマンドサイズを大幅削減。BentoML（CVE-2025-27520）とLangflow（CVE-2025-3248）のRCEモジュール追加。各種モジュールの機能強化とバグ修正も実施。 https://t.co/URXHp3fibR

🚨 AI devs, CVE-2025-3248 is a NIGHTMARE! 😱 Hackers can OWN your Langflow server w/ ZERO auth—CVSS 9.8 critical! Exploits are LIVE on TOR. Don’t let your AI workflows get pwned. 🛡️ Click for the ultimate guide to patch & protect + real PoCs. Be the hero who locks it do

Top 5 Trending CVEs: 1 - CVE-2021-35587 2 - CVE-2025-30406 3 - CVE-2023-43622 4 - CVE-2025-24813 5 - CVE-2025-3248 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

Hello. Today's 1day1ilne is CVE-2025-3248. https://t.co/BrsOFHQOpU A code injection vulnerability was discovered in LangFlow, an AI agent build and deployment tool. It seems to be a vulnerability that must be considered in the structure that executes the code created by LLM.

New post from https://t.co/uXvPWJy6tj (Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248), (Sat, Apr 12th)) has been published on https://t.co/Ks75lZZEqe https://t.co/mHthKlfdvo

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248) https://t.co/JF0V9puOft https://t.co/Zq10T16GZG

Python製のWebアプリケーションLangflowに未認証のまま/api/v1/validate/codeエンドポイントを介して遠隔から任意コードを実行できる深刻な脆弱性(CVE-2025-3248)が報告された。 攻撃者は環境変数やシステム情報を窃取でき、最悪の場合はサーバを完全に制御される恐れがある。

🚨 CVE-2025-3248 - critical 🚨 Langflow AI - Unauthenticated Remote Code Execution > Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/val... 👾 https://t.co/T1ebXcxBJj @pdnuclei #NucleiTemplates #cve

CVE-2025-3248 : Abusing Python Exec for Unauth RCE in Langflow AI https://t.co/Jti0akPbPu https://t.co/S5sPwJvotT

We discovered an interesting code injection vulnerability, CVE-2025-3248, affecting #Langflow, a popular agentic AI workflow tool. This enables unauthenticated attackers to fully compromise Langflow servers. https://t.co/o3YQ3fE4XR

#CVE-2025-3248 #DeepSeek 在复现LangFlow 的代码执行漏洞，直接把出现漏洞的代码丢给DeepSeek，它成功构造出了漏洞利用代码，甚至还能帮你构造一个回显的POC。👍👍 https://t.co/IAz2Zo8bVu https://t.co/Mblnkwubrk