AI description
CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.
- Description
- Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- langflow
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Langflow Missing Authentication Vulnerability
- Exploit added on
- May 5, 2025
- Exploit action due
- May 26, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
1/3 geçen sene CVE-2025-3248 ve CVE-2025-57760 açıklarını shodan,zoomeye,fofa gibi yerlerde exploit eden bi tool yazmıştım threat hunt amaçlı. Bayağı da bi sunucu rootlandı.
@testaccountogul
13 Jan 2026
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/9cN1CjZrzs
@Loginsoft_Intel
10 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-3248 — M247 Europe SRL Visit -- https://t.co/JgFgTw2h2h #Loginsoft #Cytellite #Cybersecurity #CVE20253248 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/6PcerXypgU
@Loginsoft_Intel
10 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 أعلى 10 ثغرات عالية الخطورة في 2025 واستُغلت فعلاً في البرية 🚨 🔐 كشف تقرير CyberSecurityNews عن أخطر الثغرات التي هزّت الأمن السيبراني في 2025 — تأثيرها كان كبيرً
@Infoandtech3
2 Jan 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025年 実際に悪用された高リスク脆弱性 Top10 1 Langflow 未認証コード実行 CVE-2025-3248 2 Microsoft SharePoint Server RCE(ToolShell) CVE-2025-53770 / CVE-2025-53771 3 sudo 権限昇格(chroot処理不備) CVE-2025-32463 4 Docker Desktop コンテ
@yousukezan
1 Jan 2026
1476 Impressions
1 Retweet
15 Likes
7 Bookmarks
0 Replies
0 Quotes
Top 10 High-Risk Vulnerabilities of 2025 Langflow Unauthorized Code Injection Vulnerability (CVE-2025-3248): With a CVSS score of 9.8, this vulnerability stems from inadequate sandbox isolation and missing input filtering, enabling attackers to inject malicious code via API
@blackorbird
25 Dec 2025
6818 Impressions
2 Retweets
18 Likes
7 Bookmarks
0 Replies
1 Quote
BREAKING: CVE-2025-3248 exposes critical vulnerability in AI agent frameworks - attackers can manipulate agent behavior via unauthenticated requests, plant backdoors in AI-generated code, achieve arbitrary code execution. Thread on the 6 critical security gaps enterprises face:
@godel_sh
5 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-3248: Langflow RCE PoC ⚠️ Only for educational purposes & ethical hacking 👍 Like, comment & share if this helped! #CyberSecurity #EthicalHacking #CVE #Exploit #PoC #RedTeam #BugBounty #Infosec #Pentesting #OSCP https://t.co/aWCluy3X9h
@r0otk3r
29 Oct 2025
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Langflow: CVE-2025-3248: Active Exploitation https://t.co/sLho1n0Kv4
@Karma_X_Inc
19 Oct 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post: "LangflowのCVE-2025-3248を例としたFalcoによるCI/CDセキュリティ強化 | SHIFT Group 技術ブログ" https://t.co/JYj79FOVIB
@OCGOT1616
18 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
”攻撃者は、本脆弱性に未対処のLangflowサーバ上でダウンロード用スクリプトを実行し、Flodrixのマルウェアをインストールします” #AI AI開発ツール「Langflow」の重大な脆弱性「CVE-2025-3248」を悪用してFlodrix
@zubora_engineer
18 Aug 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AI開発ツール「Langflow」の重大な脆弱性「CVE-2025-3248」を悪用してFlodrixボットネットを ... https://t.co/UxuJUt5m96 #izumino_trend
@sec_trend
16 Aug 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ثغرة CVE-2025-3248 #RCE في Langflow (<1.3.0) تنفيذ تعليمات برمجية Python عشوائية دون مصادقة. 🔹 Endpoint: /api/v1/validate/code 🔹 Impact: Remote code execution 🔍 Query: title:"Langflow" favicon:66f2ee4a
@CriminalIP_AR
28 Jul 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 #RCE in Langflow (<1.3.0) Allows arbitrary Python code execution without auth. One malicious POST can lead to full server compromise. 🔹 Endpoint: /api/v1/validate/code 🔹 Impact: Remote code execution 🔍 Query: title:"Langflow" favicon:66f2ee4a Deta
@CriminalIP_US
25 Jul 2025
141 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
In our latest blog article, we demonstrate how to simulate with M&NTIS, and detect with #𝐒𝐮𝐫𝐢𝐜𝐚𝐭𝐚, an exploitation attempt of CVE-2025-3248 targeting Langflow: https://t.co/AksewxinQZ
@mantis_platform
22 Jul 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 Trend™ Research has identified an active Flodrix botnet campaign exploiting CVE-2025-3248 in vulnerable Langflow servers. Attackers are using the flaw to deploy malware, putting affected systems at risk of full compromise. Follow this thread and learn more about its https
@trendai_RSRCH
19 Jul 2025
32912 Impressions
5 Retweets
27 Likes
0 Bookmarks
2 Replies
0 Quotes
A new critical vulnerability in LangFlow (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. This high-severity flaw allows unauthenticated remote code execution. https://t.co/d6Hpc1QfgC #CyberSecurity #Ransomware
@theattacksurfac
12 Jul 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here: ⬇️ https://t.co/0HCzLHc7xh https://t.co/1AKKQt1yf7
@trendai_RSRCH
12 Jul 2025
549 Impressions
4 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details: ⬇️ https://t.co/0HCzLHc7xh https
@trendai_RSRCH
7 Jul 2025
552 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
4 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical vulnerability CVE-2025-3248 in Langflow prior to 1.3.0 is actively exploited to deploy Flodrix botnet, enabling DDoS and data theft via malicious Python payloads. Stay alert! 🚨 #CVE20253248 #Flodrix #China https://t.co/WWEYmhSj8l
@TweetThreatNews
3 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details:⬇️ https://t.co/0HCzLHc7xh http
@trendai_RSRCH
3 Jul 2025
469 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet | 30-06-2025 Source: https://t.co/w9WO1pgqKZ Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🔓CVEs: CVE-2025-3248 \[[Vulners](https://t.co/aFhtotmRvx)] - CVSS
@rst_cloud
1 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Langflow’s growing use in intelligent automation makes it an attractive target. CVE-2025-3248 allows unauthenticated code execution on versions below 1.3.0—posing a critical risk to enterprise environments. Review mitigation steps now:⬇️ https://t.co/0HCzLHc7xh https://
@trendai_RSRCH
30 Jun 2025
505 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
人気のAIプロトタイピング用Pythonフレームワーク「Langflow」が重大な脆弱性(CVE-2025-3248)により攻撃を受けている。
@yousukezan
30 Jun 2025
2356 Impressions
5 Retweets
16 Likes
11 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
30 Jun 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 ... https://t.co/RCidGXRHZa
@nasibaliyusibov
29 Jun 2025
57 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨CVE-2025-3248: RCE vulnerability in Langflow Link: https://t.co/zvB6RhBYib ZoomEye Dork: app="Langflow" Results: 1,862 Advisory: https://t.co/jOKO3VWQpK PoC: https://t.co/sjusZmZVXJ CVSS: 9.3 https://t.co/cUS6NrEfxN
@DarkWebInformer
29 Jun 2025
12703 Impressions
28 Retweets
142 Likes
48 Bookmarks
2 Replies
0 Quotes
CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately:⬇️ https://t.co/0HCzLHc7
@trendai_RSRCH
29 Jun 2025
595 Impressions
1 Retweet
3 Likes
3 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
29 Jun 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
28 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat actors are reportedly exploiting CVE-2025-3248 to deliver the Flodrix Botnet, targeting AI verticals and linked to the LeetHozer family. #CyberSecurity #FlodrixBotnet https://t.co/ua14mF6Vib
@Cyber_O51NT
28 Jun 2025
541 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
#Threatactors are exploiting CVE-2025-3248 to deliver the #Flodrix botnet, a new #malware targeting vulnerable servers with #DDoS capabilities & stealthy persistence. @TrendMicro recently reported on it. Check out our blog for more info & related samples. https://t.co/Qz
@PolySwarm
27 Jun 2025
658 Impressions
9 Retweets
31 Likes
1 Bookmark
1 Reply
0 Quotes
Flodrix exploits Langflow’s critical validation flaw (CVE-2025-3248) to gain unauthenticated RCE through a single POST request. Learn how to defend your environment: ⬇️ https://t.co/0HCzLHc7xh https://t.co/vruR1ys9Cs
@trendai_RSRCH
27 Jun 2025
403 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 Trend™ Research has identified an active Flodrix #botnet campaign exploiting CVE-2025-3248 in vulnerable Langflow servers. Attackers are using the flaw to deploy malware, putting affected systems at risk of full compromise. Learn more here: https://t.co/oT8sk48EqK https:/
@TrendMicro
26 Jun 2025
384 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately: https://t.co/eFlB6KXG2M
@TrendMicro
24 Jun 2025
423 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 - RCE Scanner Released A critical Remote Code Execution vulnerability has been identified and a PoC scanner is now available. Ideal for security researchers and red teamers. 🛠️ Tool & Exploit: https://t.co/hbgV2r1DdU #CyberSecurity #RCE #CVE2025 #BugB
@issam_juniorx
23 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#RCE attempts targeting Langflow (CVE-2025-3248) to distribute #redtail #xmrig #coinminer 2025-06-20 23:33:10 UTC Source IPs: 193.32.162.157 🇷🇴 and 185.93.89.118 🇮🇷 POST /api/v1/validate/code IOCs: 66.63.187.193 🇺🇸 hxxp://66.63.187.193/sh 45ccafcdc6e78bd6471a7
@sicehice
23 Jun 2025
504 Impressions
1 Retweet
3 Likes
3 Bookmarks
0 Replies
0 Quotes
📌 Critical Langflow vulnerability (CVE-2025-3248) exploited for Flodrix botnet. Predator group remains active. #CyberSecurity #Malware https://t.co/pGr0H0UdOC https://t.co/eHE6TnM3t4
@CyberHub_blog
23 Jun 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | 19-06-2025 Source: https://t.co/mkbrMXzHxk Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🎯Victims: Organizations using langflo
@rst_cloud
20 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Micro uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. https://t.co/ENlGEXDMcR
@virusbtn
20 Jun 2025
1627 Impressions
8 Retweets
21 Likes
6 Bookmarks
0 Replies
1 Quote
CVE-2025-3248 - Langflow RCE Exploit Shodan: http.title:"Langflow" "Langflow allows you to build LLM applications" title:"Langflow" ZoomEye: app="Langflow" #bugbounty #bugbbountytips #rce https://t.co/mRNLUcr86k
@zapstiko
20 Jun 2025
1179 Impressions
5 Retweets
28 Likes
12 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Langflow (CVE-2025-3248) allows attackers to remotely compromise systems without authentication. The sophisticated Flodrix botnet is already putting sensitive business data at risk. Is your organization proactively secured? https://t.co/4sBWJcWXgs htt
@natordas
20 Jun 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CVE-2025-3248 – #Unauthenticated #Remote_Code_Execution in #Langflow via #Insecure #Python exec Usage https://t.co/bk9idSjQWb https://t.co/opMwk5J6yX
@omvapt
19 Jun 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Research has detected an active campaign exploiting the critical CVE-2025-3248 vulnerability to deliver the Flodrix botnet. Attackers use it to run downloader scripts on compromised Langflow servers. Proactively secure your systems: https://t.co/S4RzNMq1Ly https://t.co/EK
@TrendMicro
19 Jun 2025
650 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
Deep Dive: CVE-2025-3248 (Critical RCE in Langflow) ⚠️ CVSS 9.8 | EPSS 92.57% An unauthenticated API + insecure exec() = complete server compromise. Attackers can pass arbitrary Python code to Langflow's /api/v1/builder/execute_code endpoint. No auth, no sandbox, just inst
@offsectraining
19 Jun 2025
3376 Impressions
5 Retweets
34 Likes
2 Bookmarks
0 Replies
0 Quotes
Deep Dive: CVE-2025-3248 (Critical RCE in Langflow) ⚠️ CVSS 9.8 | EPSS 92.57% An unauthenticated API + insecure exec() = complete server compromise. Attackers can pass arbitrary Python code to Langflow's /api/v1/builder/execute_code endpoint. No auth, no sandbox, just inst
@offsectraining
19 Jun 2025
252 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here:⬇️ https://t.co/0HCzLHc7xh https://t.co/urzMhLcLJ3
@trendai_RSRCH
19 Jun 2025
764 Impressions
5 Retweets
15 Likes
1 Bookmark
0 Replies
0 Quotes
Critical flaw in @langflow_ai (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. ✦ Remote code execution ✦ Data theft & DDoS ✦ Unpatched systems are at risk Update to v1.3.0 now. How to protect yourself: https://t.co/ITSMvKYnBd #CyberSecurity
@socradar
19 Jun 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new campaign is exploiting a critical vulnerability (CVE-2025-3248) in Langflow to launch DDoS attacks. Users and admins are urged to update to the latest version immediately. Read the alert here: https://t.co/JLzzG2JlEq https://t.co/T00om8OFCl
@CSAsingapore
19 Jun 2025
133 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "464AFA20-81A9-41A6-B9F1-CD38B64C40C7",
"versionEndExcluding": "1.3.0"
}
],
"operator": "OR"
}
]
}
]