AI description
CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.
- Description: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- Source: disclosure@vulncheck.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Langflow Missing Authentication Vulnerability
- Exploit added on: May 5, 2025
- Exploit action due: May 26, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately: https://t.co/eFlB6KXG2M
@TrendMicro
24 Jun 2025
423 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 - RCE Scanner Released A critical Remote Code Execution vulnerability has been identified and a PoC scanner is now available. Ideal for security researchers and red teamers. 🛠️ Tool & Exploit: https://t.co/hbgV2r1DdU #CyberSecurity #RCE #CVE2025 #BugB
@issam_juniorx
23 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#RCE attempts targeting Langflow (CVE-2025-3248) to distribute #redtail #xmrig #coinminer 2025-06-20 23:33:10 UTC Source IPs: 193.32.162.157 🇷🇴 and 185.93.89.118 🇮🇷 POST /api/v1/validate/code IOCs: 66.63.187.193 🇺🇸 hxxp://66.63.187.193/sh 45ccafcdc6e78bd6471a7
@sicehice
23 Jun 2025
504 Impressions
1 Retweet
3 Likes
3 Bookmarks
0 Replies
0 Quotes
📌 Critical Langflow vulnerability (CVE-2025-3248) exploited for Flodrix botnet. Predator group remains active. #CyberSecurity #Malware https://t.co/pGr0H0UdOC https://t.co/eHE6TnM3t4
@CyberHub_blog
23 Jun 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | 19-06-2025 Source: https://t.co/mkbrMXzHxk Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🎯Victims: Organizations using langflo
@rst_cloud
20 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Micro uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. https://t.co/ENlGEXDMcR
@virusbtn
20 Jun 2025
1627 Impressions
8 Retweets
21 Likes
6 Bookmarks
0 Replies
1 Quote
CVE-2025-3248 - Langflow RCE Exploit Shodan: http.title:"Langflow" "Langflow allows you to build LLM applications" title:"Langflow" ZoomEye: app="Langflow" #bugbounty #bugbbountytips #rce https://t.co/mRNLUcr86k
@zapstiko
20 Jun 2025
1179 Impressions
5 Retweets
28 Likes
12 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Langflow (CVE-2025-3248) allows attackers to remotely compromise systems without authentication. The sophisticated Flodrix botnet is already putting sensitive business data at risk. Is your organization proactively secured? https://t.co/4sBWJcWXgs htt
@natordas
20 Jun 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CVE-2025-3248 – #Unauthenticated #Remote_Code_Execution in #Langflow via #Insecure #Python exec Usage https://t.co/bk9idSjQWb https://t.co/opMwk5J6yX
@omvapt
19 Jun 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Research has detected an active campaign exploiting the critical CVE-2025-3248 vulnerability to deliver the Flodrix botnet. Attackers use it to run downloader scripts on compromised Langflow servers. Proactively secure your systems: https://t.co/S4RzNMq1Ly https://t.co/EK
@TrendMicro
19 Jun 2025
650 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
Deep Dive: CVE-2025-3248 (Critical RCE in Langflow) ⚠️ CVSS 9.8 | EPSS 92.57% An unauthenticated API + insecure exec() = complete server compromise. Attackers can pass arbitrary Python code to Langflow's /api/v1/builder/execute_code endpoint. No auth, no sandbox, just inst
@offsectraining
19 Jun 2025
3376 Impressions
5 Retweets
34 Likes
2 Bookmarks
0 Replies
0 Quotes
Deep Dive: CVE-2025-3248 (Critical RCE in Langflow) ⚠️ CVSS 9.8 | EPSS 92.57% An unauthenticated API + insecure exec() = complete server compromise. Attackers can pass arbitrary Python code to Langflow's /api/v1/builder/execute_code endpoint. No auth, no sandbox, just inst
@offsectraining
19 Jun 2025
252 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here:⬇️ https://t.co/0HCzLHc7xh https://t.co/urzMhLcLJ3
@TrendMicroRSRCH
19 Jun 2025
764 Impressions
5 Retweets
15 Likes
1 Bookmark
0 Replies
0 Quotes
Critical flaw in @langflow_ai (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. ✦ Remote code execution ✦ Data theft & DDoS ✦ Unpatched systems are at risk Update to v1.3.0 now. How to protect yourself: https://t.co/ITSMvKYnBd #CyberSecurity
@socradar
19 Jun 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new campaign is exploiting a critical vulnerability (CVE-2025-3248) in Langflow to launch DDoS attacks. Users and admins are urged to update to the latest version immediately. Read the alert here: https://t.co/JLzzG2JlEq https://t.co/T00om8OFCl
@CSAsingapore
19 Jun 2025
133 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Research reports that attackers are exploiting CVE-2025-3248 in vulnerable Langflow servers to deliver the Flodrix botnet, enabling DDoS attacks and potential data breaches. #CyberSecurity #Malware https://t.co/kxYqKL8pxL
@Cyber_O51NT
19 Jun 2025
433 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here: https://t.co/FLdWzZL6AR
@TrendMicro
18 Jun 2025
554 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ Flodrix botnet hits Langflow servers – a new vulnerability under attack! In an active attack campaign, Trend Research revealed that hackers have started exploiting the CVE-2025-3248 vulnerability to compromise Langflow servers and deploy
@hiddenlockT
18 Jun 2025
102 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-3248 Langflow RCE Exploit @ynsmroztas PoC: https://t.co/p3zc6jgzDh ZoomEye Dork: app="Langflow" #bugbountytips #bugbounty #rce https://t.co/OyUKxTBpdz
@zapstiko
18 Jun 2025
815 Impressions
0 Retweets
17 Likes
5 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
18 Jun 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Langflow vulnerability CVE-2025-3248 exploited by the Flodrix botnet https://t.co/seHPzD00iY #Security #セキュリティ #ニュース
@SecureShield_
18 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Popular Python visual framework for AI application development Langflow is being actively exploited via unauthenticated RCE code validation bypass (CVE-2025-3248) in a nasty campaign dropping the multi-architecture Flodrix DDoS botnet. Proper authentication implemented in https:
@ricomanifesto
17 Jun 2025
194 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
I enjoyed Exploring and Exploiting CVE-2025-3248-Langflow RCE - Affected Endpoint: /api/v1/validate/code - ZoomEye Dork :- domain="https://t.co/bMoqL7hiQO" && app="Langflow" - Shodan Dork :- ssl:"https://t.co/bMoqL7hiQO" http.title:"Langflow" https://t.co/kVJcbkvS8W
@wadgamaraldeen
17 Jun 2025
6187 Impressions
10 Retweets
118 Likes
95 Bookmarks
3 Replies
0 Quotes
Security researchers have identified an active campaign exploiting CVE-2025-3248, a critical RCE vulnerability in Langflow (versions <1.3.0). Rated 9.8 CVSS, it allows attackers to execute malicious Python code via unauthenticated requests. https://t.co/e67ucaC074
@securityRSS
17 Jun 2025
52 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 Flodrix Botnet Exploits Critical Langflow Flaw: Urgent Action Needed CVE-2025-3248 is under attack! Flodrix botnet targets Langflow, enabling DDoS & system compromise. Upgrade to 1.3.0 & secure endpoints now. More details: https://t.co/q8jfKf1BZV #Cybersecurity #Bo
@threatsbank
17 Jun 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 : Critical Langflow Vulnerability Actively Exploited to Deliver Flodrix Botnet https://t.co/tYNGyldbPK https://t.co/cfJedIxbaL
@freedomhack101
17 Jun 2025
82 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨CYBER NEWS🚨 @Langflow targeted by Flodrix via the CVE-2025-3248 flaw, botnet active on servers that are not up to date. Link in bio to read more! #cybersécurité https://t.co/1YgqJzCBv4
@cybercare_fr
17 Jun 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 Remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code Finding Targets To find potential targets, use Fofa •Fofa Dork: "Langflow"` Cloning the Repository First, clone the repository: git clone https://t.co/I2SDG5bw
@TheMsterDoctor1
17 Jun 2025
2921 Impressions
16 Retweets
56 Likes
36 Bookmarks
0 Replies
0 Quotes
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet https://t.co/KiSLBrUe2u
@Dinosn
16 Jun 2025
2591 Impressions
7 Retweets
21 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
3 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
(🧵Thread) CVE-2025-3248: Renewed Interest in Langflow Remote Code Execution Key findings: 🔹 Despite initial hacker interest after the exploit's public release (April 9), attacks detected by the CrowdSec Network plummeted to near zero within days, likely due to rapid detec
@Crowd_Security
2 Jun 2025
248 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
2 Jun 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
GitHub - tiemio/RCE-CVE-2025-3248: This Python script exploits CVE-2025-3248 to execute arbitrary commands or spawn a reverse shell on a vulnerable system. Authentication is required to use this exploit. https://t.co/xRbdKjQpuL
@akaclandestine
1 Jun 2025
771 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
27 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#threatreport #LowCompleteness Langflow: CVE-2025-3248: Active Exploitation | 23-05-2025 Source: https://t.co/GWEJMHdwVw Key details below ↓ 🏭Industry: Government 🌐Geo: Singapore, Australia, Taiwan, Belgium, China, Israel, Germany, Hong kong, Brazil, Korea, Mexico, Thai
@rst_cloud
24 May 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New CVE Alert: CVE-2025-3248 A critical missing authentication vulnerability affecting Langflow versions before 1.3.0 has been identified, with active exploitation attempts already observed in the wild. Our latest blog breaks down the risk, real-world activity, and how to ht
@RecordedFuture
23 May 2025
686 Impressions
2 Retweets
2 Likes
1 Bookmark
1 Reply
1 Quote
[MBSD-SOC Detection Trend Topics] April 2025 edition: we have published the #MBSD #SOC detection trend topics. This month we observed attacks targeting the Langflow vulnerability (CVE-2025-3248). ▼ See here for details https://t.co/nMp
@mbsdnews
16 May 2025
920 Impressions
2 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
⚠️ Critical flaw in #Langflow (CVE-2025-3248): remote code execution via exec() reachable without authentication 😱 Full article 👉 https://t.co/OOGZprNpJg #RCE #Cybersecurity #Python #OpenSource #IA https://t.co/fqnm8ZqzOf
@IA_Insights_
11 May 2025
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A new vulnerability with identifier CVE-2025-3248 has been published for the Langflow framework. This framework, which is open source, is used to build language model applications. Hackers, using
@AmirHossein_sec
10 May 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE: CVE-2025-3248
@transilienceai
10 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Attackers are hijacking #AI apps using a Langflow vulnerability (CVE-2025-3248). Unpatched AI workflows are being remotely taken over. If you run Langflow, patch now. https://t.co/weEIyqyK8E
@top10vpn
10 May 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The critical command injection vulnerability (CVE-2025-3248) disclosed in the Langflow web app last month is now being actively exploited, and Censys researcher Jackson Roilf explains the potential impact of the bug and how widespread the exploitation is. https://t.co/JkFYIIY5zt
@censysio
9 May 2025
1710 Impressions
7 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
CYBER ALERT 🚨 Langflow users: CVE-2025-3248 allows attackers to run code on your servers—putting AI apps, data, and uptime at risk. Update to v1.3.0 or isolate access now. #Langflow #CyberAlert #RCE #PatchNow #CVE20253248 #ZeroDay #AItools #TechNews https://t.co/MgZjcDT3kE
@Ferrum_IT
7 May 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 : Critical Langflow RCE flaw exploited to hack AI app servers https://t.co/mATBPqedC7 https://t.co/BbNh6UyVlo
@freedomhack101
7 May 2025
75 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a serious security vulnerability in Langflow, an open-source AI workflow platform, that is now being actively exploited. The flaw, tracked as CVE-2025-3248, allows attackers to take full control of
@Operator7771337
7 May 2025
61991 Impressions
0 Retweets
1 Like
5 Bookmarks
0 Replies
0 Quotes
📌 CISA adds actively exploited Langflow flaw (CVE-2025-3248, CVSS 9.8) to KEV catalog. #CyberSecurity #Vulnerability https://t.co/yMh3L7kFpS https://t.co/3Ef9GSlGlg
@CyberHub_blog
7 May 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ Critical Langflow RCE Vulnerability Actively Exploited to Compromise AI Servers CISA warns of active exploitation of CVE-2025-3248, a critical Langflow RCE flaw allowing unauthenticated attackers to seize control of AI app servers. Organizations must urgently update to h
@gossy_84
7 May 2025
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Actively Exploited: CVE-2025-3248 – Langflow Remote Code Execution Flaw 🚨 CISA has added Langflow’s unauthenticated RCE vulnerability to its known exploited list, urging immediate action. About the vulnerability: • Affects Langflow < v1.3.0 • Unau
@modat_magnify
7 May 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The US CISA has added a vulnerability with confirmed exploitation to its #KEV catalog. 🛡️No.1332 CVE-2025-3248 Langflow Missing Authentication Vulnerability ============= CVSS score: 9.8 (Base) / VulnCheck CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Category: Important
@piyokango
7 May 2025
6361 Impressions
2 Retweets
10 Likes
1 Bookmark
0 Replies
1 Quote
Critical Langflow RCE flaw exploited to hack AI app servers (CVE-2025-3248) https://t.co/b69s8LBg6P #Security #セキュリティ #ニュース
@SecureShield_
7 May 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "464AFA20-81A9-41A6-B9F1-CD38B64C40C7",
            "versionEndExcluding": "1.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]