AI description
CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.
- Description: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- Source: disclosure@vulncheck.com
- NVD status: Analyzed
- Products: langflow
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Langflow Missing Authentication Vulnerability
- Exploit added on: May 5, 2025
- Exploit action due: May 26, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
Langflow CVE-2025-3248: unauthenticated remote code execution via an API endpoint. Affects all versions before 1.3.0. If your AI agent stack includes Langflow, update it. Published April 2025. https://t.co/AGY4Zwp1tz
@DarshanSays
29 Apr 2026
172 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
`Langflow` is affected by an unauthenticated RCE vulnerability (CVE-2025-3248). Assess system exposure and implement network access controls. #Langflow #RCE #infosec https://t.co/wKqmrCT51p
@pulsepatchio
2 Apr 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 — Langflow's /api/v1/validate/code executes user-supplied Python before auth. CVSS 9.8. CISA KEV. Post-RCE, attackers run printenv. Langflow holds LLM API keys, database conxn strings, and cloud creds. High value density in a single process. #AIAgents
@DFIR_TNT
30 Mar 2026
175 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Langflow just got its second CISA KEV in two years. CVE-2026-33017. Same exec() architecture as CVE-2025-3248. Attackers went from advisory to credential harvesting in 24 hours - no PoC required. This is not a patch problem. It is an architecture problem that was never fixed.
@jlabernathy
28 Mar 2026
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I found CVE-2026-33017, a Critical 9.3 unauthenticated RCE in Langflow, by looking at the code path the previous CISA KEV fix (CVE-2025-3248) missed. - https://t.co/gFBy4aiRQe #aisecurity #langflowvulnerability
@hackernoon
26 Mar 2026
338 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Another feature update today, focused on two new CVEs, now live on Github, see details below: CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is below known safe versions. CVE-2025-34291 - Looks at both version and web security settings.
@CoyoteSecure
22 Feb 2026
4493 Impressions
1 Retweet
7 Likes
3 Bookmarks
0 Replies
2 Quotes
As you all know by now, weekends is when I code on Coyote, and today has been a busy day! Just pushed another update, this one to address two recent security vulnerabilities, details below. CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is
@CoyoteSecure
22 Feb 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
1/3 Last year, for threat hunting purposes, I wrote a tool that exploited the CVE-2025-3248 and CVE-2025-57760 vulnerabilities on hosts found via places like shodan, zoomeye, fofa. Quite a few servers got rooted too.
@testaccountogul
13 Jan 2026
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/6PcerXypgU
@Loginsoft_Intel
10 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/9cN1CjZrzs
@Loginsoft_Intel
10 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Top 10 high-severity vulnerabilities of 2025 that were actually exploited in the wild 🚨 🔐 A CyberSecurityNews report revealed the most dangerous vulnerabilities that shook cybersecurity in 2025; their impact was major
@Infoandtech3
2 Jan 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 10 high-risk vulnerabilities actually exploited in 2025: 1 Langflow unauthenticated code execution CVE-2025-3248 2 Microsoft SharePoint Server RCE (ToolShell) CVE-2025-53770 / CVE-2025-53771 3 sudo privilege escalation (flawed chroot handling) CVE-2025-32463 4 Docker Desktop conta
@yousukezan
1 Jan 2026
1476 Impressions
1 Retweet
15 Likes
7 Bookmarks
0 Replies
0 Quotes
Top 10 High-Risk Vulnerabilities of 2025 Langflow Unauthorized Code Injection Vulnerability (CVE-2025-3248): With a CVSS score of 9.8, this vulnerability stems from inadequate sandbox isolation and missing input filtering, enabling attackers to inject malicious code via API
@blackorbird
25 Dec 2025
6818 Impressions
2 Retweets
18 Likes
7 Bookmarks
0 Replies
1 Quote
BREAKING: CVE-2025-3248 exposes critical vulnerability in AI agent frameworks - attackers can manipulate agent behavior via unauthenticated requests, plant backdoors in AI-generated code, achieve arbitrary code execution. Thread on the 6 critical security gaps enterprises face:
@godel_sh
5 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-3248: Langflow RCE PoC ⚠️ Only for educational purposes & ethical hacking 👍 Like, comment & share if this helped! #CyberSecurity #EthicalHacking #CVE #Exploit #PoC #RedTeam #BugBounty #Infosec #Pentesting #OSCP https://t.co/aWCluy3X9h
@r0otk3r
29 Oct 2025
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Langflow: CVE-2025-3248: Active Exploitation https://t.co/sLho1n0Kv4
@Karma_X_Inc
19 Oct 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post: "Strengthening CI/CD security with Falco, using Langflow's CVE-2025-3248 as an example | SHIFT Group Tech Blog" https://t.co/JYj79FOVIB
@OCGOT1616
18 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Attackers run a downloader script on Langflow servers where this vulnerability has not been addressed and install the Flodrix malware" #AI Exploiting the critical vulnerability CVE-2025-3248 in the AI development tool Langflow, Flodrix
@zubora_engineer
18 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability CVE-2025-3248 in the AI development tool Langflow exploited to [deliver] the Flodrix botnet ... https://t.co/UxuJUt5m96 #izumino_trend
@sec_trend
16 Aug 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Vulnerability CVE-2025-3248 #RCE in Langflow (<1.3.0): arbitrary Python code execution without authentication. 🔹 Endpoint: /api/v1/validate/code 🔹 Impact: Remote code execution 🔍 Query: title:"Langflow" favicon:66f2ee4a
@CriminalIP_AR
28 Jul 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 #RCE in Langflow (<1.3.0) Allows arbitrary Python code execution without auth. One malicious POST can lead to full server compromise. 🔹 Endpoint: /api/v1/validate/code 🔹 Impact: Remote code execution 🔍 Query: title:"Langflow" favicon:66f2ee4a Deta
@CriminalIP_US
25 Jul 2025
141 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
In our latest blog article, we demonstrate how to simulate with M&NTIS, and detect with #Suricata, an exploitation attempt of CVE-2025-3248 targeting Langflow: https://t.co/AksewxinQZ
@mantis_platform
22 Jul 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 Trend™ Research has identified an active Flodrix botnet campaign exploiting CVE-2025-3248 in vulnerable Langflow servers. Attackers are using the flaw to deploy malware, putting affected systems at risk of full compromise. Follow this thread and learn more about its https
@trendai_RSRCH
19 Jul 2025
32912 Impressions
5 Retweets
27 Likes
0 Bookmarks
2 Replies
0 Quotes
A new critical vulnerability in LangFlow (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. This high-severity flaw allows unauthenticated remote code execution. https://t.co/d6Hpc1QfgC #CyberSecurity #Ransomware
@theattacksurfac
12 Jul 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here: ⬇️ https://t.co/0HCzLHc7xh https://t.co/1AKKQt1yf7
@trendai_RSRCH
12 Jul 2025
549 Impressions
4 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details: ⬇️ https://t.co/0HCzLHc7xh https
@trendai_RSRCH
7 Jul 2025
552 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
4 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical vulnerability CVE-2025-3248 in Langflow prior to 1.3.0 is actively exploited to deploy Flodrix botnet, enabling DDoS and data theft via malicious Python payloads. Stay alert! 🚨 #CVE20253248 #Flodrix #China https://t.co/WWEYmhSj8l
@TweetThreatNews
3 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details:⬇️ https://t.co/0HCzLHc7xh http
@trendai_RSRCH
3 Jul 2025
469 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet | 30-06-2025 Source: https://t.co/w9WO1pgqKZ Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🔓CVEs: CVE-2025-3248 \[[Vulners](https://t.co/aFhtotmRvx)] - CVSS
@rst_cloud
1 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Langflow’s growing use in intelligent automation makes it an attractive target. CVE-2025-3248 allows unauthenticated code execution on versions below 1.3.0—posing a critical risk to enterprise environments. Review mitigation steps now:⬇️ https://t.co/0HCzLHc7xh https://
@trendai_RSRCH
30 Jun 2025
505 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Langflow, a popular Python framework for AI prototyping, is under attack due to a critical vulnerability (CVE-2025-3248).
@yousukezan
30 Jun 2025
2356 Impressions
5 Retweets
16 Likes
11 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
30 Jun 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 ... https://t.co/RCidGXRHZa
@nasibaliyusibov
29 Jun 2025
57 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨CVE-2025-3248: RCE vulnerability in Langflow Link: https://t.co/zvB6RhBYib ZoomEye Dork: app="Langflow" Results: 1,862 Advisory: https://t.co/jOKO3VWQpK PoC: https://t.co/sjusZmZVXJ CVSS: 9.3 https://t.co/cUS6NrEfxN
@DarkWebInformer
29 Jun 2025
12703 Impressions
28 Retweets
142 Likes
48 Bookmarks
2 Replies
0 Quotes
CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately:⬇️ https://t.co/0HCzLHc7
@trendai_RSRCH
29 Jun 2025
595 Impressions
1 Retweet
3 Likes
3 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
29 Jun 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
28 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat actors are reportedly exploiting CVE-2025-3248 to deliver the Flodrix Botnet, targeting AI verticals and linked to the LeetHozer family. #CyberSecurity #FlodrixBotnet https://t.co/ua14mF6Vib
@Cyber_O51NT
28 Jun 2025
541 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
#Threatactors are exploiting CVE-2025-3248 to deliver the #Flodrix botnet, a new #malware targeting vulnerable servers with #DDoS capabilities & stealthy persistence. @TrendMicro recently reported on it. Check out our blog for more info & related samples. https://t.co/Qz
@PolySwarm
27 Jun 2025
658 Impressions
9 Retweets
31 Likes
1 Bookmark
1 Reply
0 Quotes
Flodrix exploits Langflow’s critical validation flaw (CVE-2025-3248) to gain unauthenticated RCE through a single POST request. Learn how to defend your environment: ⬇️ https://t.co/0HCzLHc7xh https://t.co/vruR1ys9Cs
@trendai_RSRCH
27 Jun 2025
403 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 Trend™ Research has identified an active Flodrix #botnet campaign exploiting CVE-2025-3248 in vulnerable Langflow servers. Attackers are using the flaw to deploy malware, putting affected systems at risk of full compromise. Learn more here: https://t.co/oT8sk48EqK https:/
@TrendMicro
26 Jun 2025
384 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately: https://t.co/eFlB6KXG2M
@TrendMicro
24 Jun 2025
423 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 - RCE Scanner Released A critical Remote Code Execution vulnerability has been identified and a PoC scanner is now available. Ideal for security researchers and red teamers. 🛠️ Tool & Exploit: https://t.co/hbgV2r1DdU #CyberSecurity #RCE #CVE2025 #BugB
@issam_juniorx
23 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#RCE attempts targeting Langflow (CVE-2025-3248) to distribute #redtail #xmrig #coinminer 2025-06-20 23:33:10 UTC Source IPs: 193.32.162.157 🇷🇴 and 185.93.89.118 🇮🇷 POST /api/v1/validate/code IOCs: 66.63.187.193 🇺🇸 hxxp://66.63.187.193/sh 45ccafcdc6e78bd6471a7
@sicehice
23 Jun 2025
504 Impressions
1 Retweet
3 Likes
3 Bookmarks
0 Replies
0 Quotes
📌 Critical Langflow vulnerability (CVE-2025-3248) exploited for Flodrix botnet. Predator group remains active. #CyberSecurity #Malware https://t.co/pGr0H0UdOC https://t.co/eHE6TnM3t4
@CyberHub_blog
23 Jun 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | 19-06-2025 Source: https://t.co/mkbrMXzHxk Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🎯Victims: Organizations using langflo
@rst_cloud
20 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Micro uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. https://t.co/ENlGEXDMcR
@virusbtn
20 Jun 2025
1627 Impressions
8 Retweets
21 Likes
6 Bookmarks
0 Replies
1 Quote
CVE-2025-3248 - Langflow RCE Exploit Shodan: http.title:"Langflow" "Langflow allows you to build LLM applications" title:"Langflow" ZoomEye: app="Langflow" #bugbounty #bugbbountytips #rce https://t.co/mRNLUcr86k
@zapstiko
20 Jun 2025
1179 Impressions
5 Retweets
28 Likes
12 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Langflow (CVE-2025-3248) allows attackers to remotely compromise systems without authentication. The sophisticated Flodrix botnet is already putting sensitive business data at risk. Is your organization proactively secured? https://t.co/4sBWJcWXgs htt
@natordas
20 Jun 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "464AFA20-81A9-41A6-B9F1-CD38B64C40C7",
"versionEndExcluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]