CVE-2025-3248

Published Apr 7, 2025

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.

Description
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
Source
disclosure@vulncheck.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Langflow Missing Authentication Vulnerability
Exploit added on
May 5, 2025
Exploit action due
May 26, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

disclosure@vulncheck.com
CWE-306
nvd@nist.gov
CWE-94

Social media

Hype score
Not currently trending
  1. A new critical vulnerability in LangFlow (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. This high-severity flaw allows unauthenticated remote code execution. https://t.co/d6Hpc1QfgC #CyberSecurity #Ransomware

    @theattacksurfac

    12 Jul 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here: ⬇️ https://t.co/0HCzLHc7xh https://t.co/1AKKQt1yf7

    @TrendMicroRSRCH

    12 Jul 2025

    549 Impressions

    4 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details: ⬇️ https://t.co/0HCzLHc7xh https

    @TrendMicroRSRCH

    7 Jul 2025

    552 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-3248

    @transilienceai

    4 Jul 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Critical vulnerability CVE-2025-3248 in Langflow prior to 1.3.0 is actively exploited to deploy Flodrix botnet, enabling DDoS and data theft via malicious Python payloads. Stay alert! 🚨 #CVE20253248 #Flodrix #China https://t.co/WWEYmhSj8l

    @TweetThreatNews

    3 Jul 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details:⬇️ https://t.co/0HCzLHc7xh http

    @TrendMicroRSRCH

    3 Jul 2025

    469 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. #threatreport #LowCompleteness Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet | 30-06-2025 Source: https://t.co/w9WO1pgqKZ Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🔓CVEs: CVE-2025-3248 \[[Vulners](https://t.co/aFhtotmRvx)] - CVSS

    @rst_cloud

    1 Jul 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Langflow’s growing use in intelligent automation makes it an attractive target. CVE-2025-3248 allows unauthenticated code execution on versions below 1.3.0—posing a critical risk to enterprise environments. Review mitigation steps now:⬇️ https://t.co/0HCzLHc7xh https://

    @TrendMicroRSRCH

    30 Jun 2025

    505 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 人気のAIプロトタイピング用Pythonフレームワーク「Langflow」が重大な脆弱性(CVE-2025-3248)により攻撃を受けている。

    @yousukezan

    30 Jun 2025

    2356 Impressions

    5 Retweets

    16 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  10. Actively exploited CVE : CVE-2025-3248

    @transilienceai

    30 Jun 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. CVE-2025-3248 ... https://t.co/RCidGXRHZa

    @nasibaliyusibov

    29 Jun 2025

    57 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  12. 🚨CVE-2025-3248: RCE vulnerability in Langflow Link: https://t.co/zvB6RhBYib ZoomEye Dork: app="Langflow" Results: 1,862 Advisory: https://t.co/jOKO3VWQpK PoC: https://t.co/sjusZmZVXJ CVSS: 9.3 https://t.co/cUS6NrEfxN

    @DarkWebInformer

    29 Jun 2025

    12703 Impressions

    28 Retweets

    142 Likes

    48 Bookmarks

    2 Replies

    0 Quotes

  13. CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately:⬇️ https://t.co/0HCzLHc7

    @TrendMicroRSRCH

    29 Jun 2025

    595 Impressions

    1 Retweet

    3 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2025-3248

    @transilienceai

    29 Jun 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2025-3248

    @transilienceai

    28 Jun 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Threat actors are reportedly exploiting CVE-2025-3248 to deliver the Flodrix Botnet, targeting AI verticals and linked to the LeetHozer family. #CyberSecurity #FlodrixBotnet https://t.co/ua14mF6Vib

    @Cyber_O51NT

    28 Jun 2025

    541 Impressions

    2 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  17. #Threatactors are exploiting CVE-2025-3248 to deliver the #Flodrix botnet, a new #malware targeting vulnerable servers with #DDoS capabilities & stealthy persistence. @TrendMicro recently reported on it. Check out our blog for more info & related samples. https://t.co/Qz

    @PolySwarm

    27 Jun 2025

    658 Impressions

    9 Retweets

    31 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  18. Flodrix exploits Langflow’s critical validation flaw (CVE-2025-3248) to gain unauthenticated RCE through a single POST request. Learn how to defend your environment: ⬇️ https://t.co/0HCzLHc7xh https://t.co/vruR1ys9Cs

    @TrendMicroRSRCH

    27 Jun 2025

    403 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 1/6 Trend™ Research has identified an active Flodrix #botnet campaign exploiting CVE-2025-3248 in vulnerable Langflow servers. Attackers are using the flaw to deploy malware, putting affected systems at risk of full compromise. Learn more here: https://t.co/oT8sk48EqK https:/

    @TrendMicro

    26 Jun 2025

    384 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately: https://t.co/eFlB6KXG2M

    @TrendMicro

    24 Jun 2025

    423 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 CVE-2025-3248 - RCE Scanner Released A critical Remote Code Execution vulnerability has been identified and a PoC scanner is now available. Ideal for security researchers and red teamers. 🛠️ Tool & Exploit: https://t.co/hbgV2r1DdU #CyberSecurity #RCE #CVE2025 #BugB

    @issam_juniorx

    23 Jun 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. #RCE attempts targeting Langflow (CVE-2025-3248) to distribute #redtail #xmrig #coinminer 2025-06-20 23:33:10 UTC Source IPs: 193.32.162.157 🇷🇴 and 185.93.89.118 🇮🇷 POST /api/v1/validate/code IOCs: 66.63.187.193 🇺🇸 hxxp://66.63.187.193/sh 45ccafcdc6e78bd6471a7

    @sicehice

    23 Jun 2025

    504 Impressions

    1 Retweet

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  23. 📌 Critical Langflow vulnerability (CVE-2025-3248) exploited for Flodrix botnet. Predator group remains active. #CyberSecurity #Malware https://t.co/pGr0H0UdOC https://t.co/eHE6TnM3t4

    @CyberHub_blog

    23 Jun 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. #threatreport #LowCompleteness Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | 19-06-2025 Source: https://t.co/mkbrMXzHxk Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🎯Victims: Organizations using langflo

    @rst_cloud

    20 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Trend Micro uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. https://t.co/ENlGEXDMcR

    @virusbtn

    20 Jun 2025

    1627 Impressions

    8 Retweets

    21 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  26. CVE-2025-3248 - Langflow RCE Exploit Shodan: http.title:"Langflow" "Langflow allows you to build LLM applications" title:"Langflow" ZoomEye: app="Langflow" #bugbounty #bugbbountytips #rce https://t.co/mRNLUcr86k

    @zapstiko

    20 Jun 2025

    1179 Impressions

    5 Retweets

    28 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

  27. A critical vulnerability in Langflow (CVE-2025-3248) allows attackers to remotely compromise systems without authentication. The sophisticated Flodrix botnet is already putting sensitive business data at risk. Is your organization proactively secured? https://t.co/4sBWJcWXgs htt

    @natordas

    20 Jun 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. #CVE-2025-3248 – #Unauthenticated #Remote_Code_Execution in #Langflow via #Insecure #Python exec Usage https://t.co/bk9idSjQWb https://t.co/opMwk5J6yX

    @omvapt

    19 Jun 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Trend Research has detected an active campaign exploiting the critical CVE-2025-3248 vulnerability to deliver the Flodrix botnet. Attackers use it to run downloader scripts on compromised Langflow servers. Proactively secure your systems: https://t.co/S4RzNMq1Ly https://t.co/EK

    @TrendMicro

    19 Jun 2025

    650 Impressions

    3 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  30. Deep Dive: CVE-2025-3248 (Critical RCE in Langflow) ⚠️ CVSS 9.8 | EPSS 92.57% An unauthenticated API + insecure exec() = complete server compromise. Attackers can pass arbitrary Python code to Langflow's /api/v1/builder/execute_code endpoint. No auth, no sandbox, just inst

    @offsectraining

    19 Jun 2025

    3376 Impressions

    5 Retweets

    34 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  31. Deep Dive: CVE-2025-3248 (Critical RCE in Langflow) ⚠️ CVSS 9.8 | EPSS 92.57% An unauthenticated API + insecure exec() = complete server compromise. Attackers can pass arbitrary Python code to Langflow's /api/v1/builder/execute_code endpoint. No auth, no sandbox, just inst

    @offsectraining

    19 Jun 2025

    252 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here:⬇️ https://t.co/0HCzLHc7xh https://t.co/urzMhLcLJ3

    @TrendMicroRSRCH

    19 Jun 2025

    764 Impressions

    5 Retweets

    15 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  33. Critical flaw in @langflow_ai (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. ✦ Remote code execution ✦ Data theft & DDoS ✦ Unpatched systems are at risk Update to v1.3.0 now. How to protect yourself: https://t.co/ITSMvKYnBd #CyberSecurity

    @socradar

    19 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. A new campaign is exploiting a critical vulnerability (CVE-2025-3248) in Langflow to launch DDoS attacks. Users and admins are urged to update to the latest version immediately. Read the alert here: https://t.co/JLzzG2JlEq https://t.co/T00om8OFCl

    @CSAsingapore

    19 Jun 2025

    133 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Trend Research reports that attackers are exploiting CVE-2025-3248 in vulnerable Langflow servers to deliver the Flodrix botnet, enabling DDoS attacks and potential data breaches. #CyberSecurity #Malware https://t.co/kxYqKL8pxL

    @Cyber_O51NT

    19 Jun 2025

    433 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here: https://t.co/FLdWzZL6AR

    @TrendMicro

    18 Jun 2025

    554 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. ‼️بوت نت Flodrix يضرب خوادم Langflow – ثغرة جديدة تحت الهجوم! في حملة هجوم نشطة، كشفت Trend Research إن الهاكرز بدأوا يستغلوا الثغرة CVE-2025-3248 لاختراق خوادم Langflow ونشر بر

    @hiddenlockT

    18 Jun 2025

    102 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  38. CVE-2025-3248 Langflow RCE Exploit @ynsmroztas PoC: https://t.co/p3zc6jgzDh ZoomEye Dork: app="Langflow" #bugbountytips #bugbounty #rce https://t.co/OyUKxTBpdz

    @zapstiko

    18 Jun 2025

    815 Impressions

    0 Retweets

    17 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  39. Actively exploited CVE : CVE-2025-3248

    @transilienceai

    18 Jun 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. Langflowの脆弱性CVE-2025-3248がFlodrixボットネットに悪用される https://t.co/seHPzD00iY #Security #セキュリティ #ニュース

    @SecureShield_

    18 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Popular Python visual framework for AI application development Langflow is being actively exploited via unauthenticated RCE code validation bypass (CVE-2025-3248) in a nasty campaign dropping the multi-architecture Flodrix DDoS botnet. Proper authentication implemented in https:

    @ricomanifesto

    17 Jun 2025

    194 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  42. I enjoyed Exploring and Exploiting CVE-2025-3248-Langflow RCE - Affected Endpoint: /api/v1/validate/code - ZoomEye Dork :- domain="https://t.co/bMoqL7hiQO" && app="Langflow" - Shodan Dork :- ssl:"https://t.co/bMoqL7hiQO" http.title:"Langflow" https://t.co/kVJcbkvS8W

    @wadgamaraldeen

    17 Jun 2025

    6187 Impressions

    10 Retweets

    118 Likes

    95 Bookmarks

    3 Replies

    0 Quotes

  43. Security researchers have identified an active campaign exploiting CVE-2025-3248, a critical RCE vulnerability in Langflow (versions <1.3.0). Rated 9.8 CVSS, it allows attackers to execute malicious Python code via unauthenticated requests. https://t.co/e67ucaC074

    @securityRSS

    17 Jun 2025

    52 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 📢 Flodrix Botnet Exploits Critical Langflow Flaw: Urgent Action Needed CVE-2025-3248 is under attack! Flodrix botnet targets Langflow, enabling DDoS & system compromise. Upgrade to 1.3.0 & secure endpoints now. More details: https://t.co/q8jfKf1BZV #Cybersecurity #Bo

    @threatsbank

    17 Jun 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. CVE-2025-3248 : Critical Langflow Vulnerability Actively Exploited to Deliver Flodrix Botnet https://t.co/tYNGyldbPK https://t.co/cfJedIxbaL

    @freedomhack101

    17 Jun 2025

    82 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  46. 🚨ACTU CYBER🚨 @Langflow ciblé par Flodrix via faille CVE-2025-3248, botnet actif sur serveurs non à jour. Lien en bio pour lire la suite ! #cybersécurité https://t.co/1YgqJzCBv4

    @cybercare_fr

    17 Jun 2025

    27 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨 CVE-2025-3248 Remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code Finding Targets To find potential targets, use Fofa •Fofa Dork: "Langflow"` Cloning the Repository First, clone the repository: git clone https://t.co/I2SDG5bw

    @TheMsterDoctor1

    17 Jun 2025

    2921 Impressions

    16 Retweets

    56 Likes

    36 Bookmarks

    0 Replies

    0 Quotes

  48. Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet https://t.co/KiSLBrUe2u

    @Dinosn

    16 Jun 2025

    2591 Impressions

    7 Retweets

    21 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  49. Actively exploited CVE : CVE-2025-3248

    @transilienceai

    3 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  50. (🧵Thread) CVE-2025-3248: Renewed Interest in Langflow Remote Code Execution Key findings: 🔹 Despite initial hacker interest after the exploit's public release (April 9), attacks detected by the CrowdSec Network plummeted to near zero within days, likely due to rapid detec

    @Crowd_Security

    2 Jun 2025

    248 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations