- Description
- Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- langflow
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Langflow Missing Authentication Vulnerability
- Exploit added on
- May 5, 2025
- Exploit action due
- May 26, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
`Langflow` is affected by an unauthenticated RCE vulnerability (CVE-2025-3248). Assess system exposure and implement network access controls. #Langflow #RCE #infosec https://t.co/wKqmrCT51p
@pulsepatchio
2 Apr 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 — Langflow's /api/v1/validate/code executes user-supplied Python before auth. CVSS 9.8. CISA KEV. Post-RCE, attackers run printenv. Langflow holds LLM API keys, database connection strings, and cloud creds. High value density in a single process. #AIAgents
@DFIR_TNT
30 Mar 2026
175 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Langflow just got its second CISA KEV in two years. CVE-2026-33017. Same exec() architecture as CVE-2025-3248. Attackers went from advisory to credential harvesting in 24 hours - no PoC required. This is not a patch problem. It is an architecture problem that was never fixed.
@jlabernathy
28 Mar 2026
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I found CVE-2026-33017, a Critical 9.3 unauthenticated RCE in Langflow, by looking at the code path the previous CISA KEV fix (CVE-2025-3248) missed. - https://t.co/gFBy4aiRQe #aisecurity #langflowvulnerability
@hackernoon
26 Mar 2026
338 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Another feature update today, focused on two new CVEs, now live on GitHub, see details below: CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is below known safe versions. CVE-2025-34291 - Looks at both version and web security settings.
@CoyoteSecure
22 Feb 2026
4493 Impressions
1 Retweet
7 Likes
3 Bookmarks
0 Replies
2 Quotes
As you all know by now, weekends is when I code on Coyote, and today has been a busy day! Just pushed another update, this one to address two recent security vulnerabilities, details below. CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is
@CoyoteSecure
22 Feb 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
1/3 Last year I wrote a tool, for threat hunting purposes, that exploited the CVE-2025-3248 and CVE-2025-57760 vulnerabilities on places like Shodan, ZoomEye and FOFA. Quite a few servers got rooted, too.
@testaccountogul
13 Jan 2026
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/6PcerXypgU
@Loginsoft_Intel
10 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/9cN1CjZrzs
@Loginsoft_Intel
10 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The top 10 high-severity vulnerabilities of 2025 that were actually exploited in the wild 🚨 🔐 A CyberSecurityNews report revealed the most dangerous vulnerabilities that shook cybersecurity in 2025 — their impact was major
@Infoandtech3
2 Jan 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 10 high-risk vulnerabilities actually exploited in 2025: 1 Langflow unauthenticated code execution CVE-2025-3248 2 Microsoft SharePoint Server RCE (ToolShell) CVE-2025-53770 / CVE-2025-53771 3 sudo privilege escalation (flawed chroot handling) CVE-2025-32463 4 Docker Desktop conta
@yousukezan
1 Jan 2026
1476 Impressions
1 Retweet
15 Likes
7 Bookmarks
0 Replies
0 Quotes
Top 10 High-Risk Vulnerabilities of 2025 Langflow Unauthorized Code Injection Vulnerability (CVE-2025-3248): With a CVSS score of 9.8, this vulnerability stems from inadequate sandbox isolation and missing input filtering, enabling attackers to inject malicious code via API
@blackorbird
25 Dec 2025
6818 Impressions
2 Retweets
18 Likes
7 Bookmarks
0 Replies
1 Quote
BREAKING: CVE-2025-3248 exposes critical vulnerability in AI agent frameworks - attackers can manipulate agent behavior via unauthenticated requests, plant backdoors in AI-generated code, achieve arbitrary code execution. Thread on the 6 critical security gaps enterprises face:
@godel_sh
5 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-3248: Langflow RCE PoC ⚠️ Only for educational purposes & ethical hacking 👍 Like, comment & share if this helped! #CyberSecurity #EthicalHacking #CVE #Exploit #PoC #RedTeam #BugBounty #Infosec #Pentesting #OSCP https://t.co/aWCluy3X9h
@r0otk3r
29 Oct 2025
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Langflow: CVE-2025-3248: Active Exploitation https://t.co/sLho1n0Kv4
@Karma_X_Inc
19 Oct 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post: "Strengthening CI/CD security with Falco, using Langflow's CVE-2025-3248 as an example | SHIFT Group Tech Blog" https://t.co/JYj79FOVIB
@OCGOT1616
18 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Attackers run a download script on Langflow servers where this vulnerability has not been addressed and install the Flodrix malware" #AI Exploiting the critical vulnerability CVE-2025-3248 in the AI development tool Langflow, Flodrix
@zubora_engineer
18 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting the critical vulnerability CVE-2025-3248 in the AI development tool Langflow to ... the Flodrix botnet https://t.co/UxuJUt5m96 #izumino_trend
@sec_trend
16 Aug 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Vulnerability CVE-2025-3248 #RCE in Langflow (<1.3.0): arbitrary Python code execution without authentication. 🔹 Endpoint: /api/v1/validate/code 🔹 Impact: Remote code execution 🔍 Query: title:"Langflow" favicon:66f2ee4a
@CriminalIP_AR
28 Jul 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 #RCE in Langflow (<1.3.0) Allows arbitrary Python code execution without auth. One malicious POST can lead to full server compromise. 🔹 Endpoint: /api/v1/validate/code 🔹 Impact: Remote code execution 🔍 Query: title:"Langflow" favicon:66f2ee4a Deta
@CriminalIP_US
25 Jul 2025
141 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
In our latest blog article, we demonstrate how to simulate with M&NTIS, and detect with #Suricata, an exploitation attempt of CVE-2025-3248 targeting Langflow: https://t.co/AksewxinQZ
@mantis_platform
22 Jul 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 Trend™ Research has identified an active Flodrix botnet campaign exploiting CVE-2025-3248 in vulnerable Langflow servers. Attackers are using the flaw to deploy malware, putting affected systems at risk of full compromise. Follow this thread and learn more about its https
@trendai_RSRCH
19 Jul 2025
32912 Impressions
5 Retweets
27 Likes
0 Bookmarks
2 Replies
0 Quotes
A new critical vulnerability in LangFlow (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. This high-severity flaw allows unauthenticated remote code execution. https://t.co/d6Hpc1QfgC #CyberSecurity #Ransomware
@theattacksurfac
12 Jul 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here: ⬇️ https://t.co/0HCzLHc7xh https://t.co/1AKKQt1yf7
@trendai_RSRCH
12 Jul 2025
549 Impressions
4 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details: ⬇️ https://t.co/0HCzLHc7xh https
@trendai_RSRCH
7 Jul 2025
552 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
4 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical vulnerability CVE-2025-3248 in Langflow prior to 1.3.0 is actively exploited to deploy Flodrix botnet, enabling DDoS and data theft via malicious Python payloads. Stay alert! 🚨 #CVE20253248 #Flodrix #China https://t.co/WWEYmhSj8l
@TweetThreatNews
3 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details:⬇️ https://t.co/0HCzLHc7xh http
@trendai_RSRCH
3 Jul 2025
469 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet | 30-06-2025 Source: https://t.co/w9WO1pgqKZ Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🔓CVEs: CVE-2025-3248 [[Vulners](https://t.co/aFhtotmRvx)] - CVSS
@rst_cloud
1 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Langflow’s growing use in intelligent automation makes it an attractive target. CVE-2025-3248 allows unauthenticated code execution on versions below 1.3.0—posing a critical risk to enterprise environments. Review mitigation steps now:⬇️ https://t.co/0HCzLHc7xh https://
@trendai_RSRCH
30 Jun 2025
505 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The popular Python framework for AI prototyping, Langflow, is under attack due to a critical vulnerability (CVE-2025-3248).
@yousukezan
30 Jun 2025
2356 Impressions
5 Retweets
16 Likes
11 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
30 Jun 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 ... https://t.co/RCidGXRHZa
@nasibaliyusibov
29 Jun 2025
57 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨CVE-2025-3248: RCE vulnerability in Langflow Link: https://t.co/zvB6RhBYib ZoomEye Dork: app="Langflow" Results: 1,862 Advisory: https://t.co/jOKO3VWQpK PoC: https://t.co/sjusZmZVXJ CVSS: 9.3 https://t.co/cUS6NrEfxN
@DarkWebInformer
29 Jun 2025
12703 Impressions
28 Retweets
142 Likes
48 Bookmarks
2 Replies
0 Quotes
CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately:⬇️ https://t.co/0HCzLHc7
@trendai_RSRCH
29 Jun 2025
595 Impressions
1 Retweet
3 Likes
3 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
29 Jun 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
28 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat actors are reportedly exploiting CVE-2025-3248 to deliver the Flodrix Botnet, targeting AI verticals and linked to the LeetHozer family. #CyberSecurity #FlodrixBotnet https://t.co/ua14mF6Vib
@Cyber_O51NT
28 Jun 2025
541 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
#Threatactors are exploiting CVE-2025-3248 to deliver the #Flodrix botnet, a new #malware targeting vulnerable servers with #DDoS capabilities & stealthy persistence. @TrendMicro recently reported on it. Check out our blog for more info & related samples. https://t.co/Qz
@PolySwarm
27 Jun 2025
658 Impressions
9 Retweets
31 Likes
1 Bookmark
1 Reply
0 Quotes
Flodrix exploits Langflow’s critical validation flaw (CVE-2025-3248) to gain unauthenticated RCE through a single POST request. Learn how to defend your environment: ⬇️ https://t.co/0HCzLHc7xh https://t.co/vruR1ys9Cs
@trendai_RSRCH
27 Jun 2025
403 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 Trend™ Research has identified an active Flodrix #botnet campaign exploiting CVE-2025-3248 in vulnerable Langflow servers. Attackers are using the flaw to deploy malware, putting affected systems at risk of full compromise. Learn more here: https://t.co/oT8sk48EqK https:/
@TrendMicro
26 Jun 2025
384 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately: https://t.co/eFlB6KXG2M
@TrendMicro
24 Jun 2025
423 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 - RCE Scanner Released A critical Remote Code Execution vulnerability has been identified and a PoC scanner is now available. Ideal for security researchers and red teamers. 🛠️ Tool & Exploit: https://t.co/hbgV2r1DdU #CyberSecurity #RCE #CVE2025 #BugB
@issam_juniorx
23 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#RCE attempts targeting Langflow (CVE-2025-3248) to distribute #redtail #xmrig #coinminer 2025-06-20 23:33:10 UTC Source IPs: 193.32.162.157 🇷🇴 and 185.93.89.118 🇮🇷 POST /api/v1/validate/code IOCs: 66.63.187.193 🇺🇸 hxxp://66.63.187.193/sh 45ccafcdc6e78bd6471a7
@sicehice
23 Jun 2025
504 Impressions
1 Retweet
3 Likes
3 Bookmarks
0 Replies
0 Quotes
📌 Critical Langflow vulnerability (CVE-2025-3248) exploited for Flodrix botnet. Predator group remains active. #CyberSecurity #Malware https://t.co/pGr0H0UdOC https://t.co/eHE6TnM3t4
@CyberHub_blog
23 Jun 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | 19-06-2025 Source: https://t.co/mkbrMXzHxk Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🎯Victims: Organizations using langflo
@rst_cloud
20 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Micro uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. https://t.co/ENlGEXDMcR
@virusbtn
20 Jun 2025
1627 Impressions
8 Retweets
21 Likes
6 Bookmarks
0 Replies
1 Quote
CVE-2025-3248 - Langflow RCE Exploit Shodan: http.title:"Langflow" "Langflow allows you to build LLM applications" title:"Langflow" ZoomEye: app="Langflow" #bugbounty #bugbbountytips #rce https://t.co/mRNLUcr86k
@zapstiko
20 Jun 2025
1179 Impressions
5 Retweets
28 Likes
12 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Langflow (CVE-2025-3248) allows attackers to remotely compromise systems without authentication. The sophisticated Flodrix botnet is already putting sensitive business data at risk. Is your organization proactively secured? https://t.co/4sBWJcWXgs htt
@natordas
20 Jun 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CVE-2025-3248 – #Unauthenticated #Remote_Code_Execution in #Langflow via #Insecure #Python exec Usage https://t.co/bk9idSjQWb https://t.co/opMwk5J6yX
@omvapt
19 Jun 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "464AFA20-81A9-41A6-B9F1-CD38B64C40C7",
            "versionEndExcluding": "1.3.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]