AI description
CVE-2025-3248 is a code injection vulnerability that affects Langflow versions prior to 1.3.0. It exists in the `/api/v1/validate/code` endpoint, where a remote, unauthenticated attacker can send crafted HTTP requests to execute arbitrary code on the server. This vulnerability allows attackers to gain control of vulnerable Langflow servers without needing authentication. To remediate this vulnerability, users are advised to upgrade to Langflow version 1.3.0 or restrict network access to the application.
- Description
- Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Langflow Missing Authentication Vulnerability
- Exploit added on
- May 5, 2025
- Exploit action due
- May 26, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
A new critical vulnerability in LangFlow (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. This high-severity flaw allows unauthenticated remote code execution. https://t.co/d6Hpc1QfgC #CyberSecurity #Ransomware
@theattacksurfac
12 Jul 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here: ⬇️ https://t.co/0HCzLHc7xh https://t.co/1AKKQt1yf7
@TrendMicroRSRCH
12 Jul 2025
549 Impressions
4 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details: ⬇️ https://t.co/0HCzLHc7xh https
@TrendMicroRSRCH
7 Jul 2025
552 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
4 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical vulnerability CVE-2025-3248 in Langflow prior to 1.3.0 is actively exploited to deploy Flodrix botnet, enabling DDoS and data theft via malicious Python payloads. Stay alert! 🚨 #CVE20253248 #Flodrix #China https://t.co/WWEYmhSj8l
@TweetThreatNews
3 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Vision One™ protects enterprises from CVE-2025-3248 exploitation attempts with network security rules, threat insights, and hunting queries. Gain visibility into Flodrix IOCs and secure your Langflow systems. Full protection details:⬇️ https://t.co/0HCzLHc7xh http
@TrendMicroRSRCH
3 Jul 2025
469 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet | 30-06-2025 Source: https://t.co/w9WO1pgqKZ Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🔓CVEs: CVE-2025-3248 \[[Vulners](https://t.co/aFhtotmRvx)] - CVSS
@rst_cloud
1 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Langflow’s growing use in intelligent automation makes it an attractive target. CVE-2025-3248 allows unauthenticated code execution on versions below 1.3.0—posing a critical risk to enterprise environments. Review mitigation steps now:⬇️ https://t.co/0HCzLHc7xh https://
@TrendMicroRSRCH
30 Jun 2025
505 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
人気のAIプロトタイピング用Pythonフレームワーク「Langflow」が重大な脆弱性(CVE-2025-3248)により攻撃を受けている。
@yousukezan
30 Jun 2025
2356 Impressions
5 Retweets
16 Likes
11 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
30 Jun 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 ... https://t.co/RCidGXRHZa
@nasibaliyusibov
29 Jun 2025
57 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨CVE-2025-3248: RCE vulnerability in Langflow Link: https://t.co/zvB6RhBYib ZoomEye Dork: app="Langflow" Results: 1,862 Advisory: https://t.co/jOKO3VWQpK PoC: https://t.co/sjusZmZVXJ CVSS: 9.3 https://t.co/cUS6NrEfxN
@DarkWebInformer
29 Jun 2025
12703 Impressions
28 Retweets
142 Likes
48 Bookmarks
2 Replies
0 Quotes
CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately:⬇️ https://t.co/0HCzLHc7
@TrendMicroRSRCH
29 Jun 2025
595 Impressions
1 Retweet
3 Likes
3 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
29 Jun 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
28 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Threat actors are reportedly exploiting CVE-2025-3248 to deliver the Flodrix Botnet, targeting AI verticals and linked to the LeetHozer family. #CyberSecurity #FlodrixBotnet https://t.co/ua14mF6Vib
@Cyber_O51NT
28 Jun 2025
541 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
#Threatactors are exploiting CVE-2025-3248 to deliver the #Flodrix botnet, a new #malware targeting vulnerable servers with #DDoS capabilities & stealthy persistence. @TrendMicro recently reported on it. Check out our blog for more info & related samples. https://t.co/Qz
@PolySwarm
27 Jun 2025
658 Impressions
9 Retweets
31 Likes
1 Bookmark
1 Reply
0 Quotes
Flodrix exploits Langflow’s critical validation flaw (CVE-2025-3248) to gain unauthenticated RCE through a single POST request. Learn how to defend your environment: ⬇️ https://t.co/0HCzLHc7xh https://t.co/vruR1ys9Cs
@TrendMicroRSRCH
27 Jun 2025
403 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 Trend™ Research has identified an active Flodrix #botnet campaign exploiting CVE-2025-3248 in vulnerable Langflow servers. Attackers are using the flaw to deploy malware, putting affected systems at risk of full compromise. Learn more here: https://t.co/oT8sk48EqK https:/
@TrendMicro
26 Jun 2025
384 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 (CVSS 9.8) is being actively exploited to deliver the #Flodrix botnet. Vulnerable Langflow deployments may face full system compromise, data loss, or DDoS attacks. Enterprises must patch to v1.3.0 and restrict public access immediately: https://t.co/eFlB6KXG2M
@TrendMicro
24 Jun 2025
423 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 - RCE Scanner Released A critical Remote Code Execution vulnerability has been identified and a PoC scanner is now available. Ideal for security researchers and red teamers. 🛠️ Tool & Exploit: https://t.co/hbgV2r1DdU #CyberSecurity #RCE #CVE2025 #BugB
@issam_juniorx
23 Jun 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#RCE attempts targeting Langflow (CVE-2025-3248) to distribute #redtail #xmrig #coinminer 2025-06-20 23:33:10 UTC Source IPs: 193.32.162.157 🇷🇴 and 185.93.89.118 🇮🇷 POST /api/v1/validate/code IOCs: 66.63.187.193 🇺🇸 hxxp://66.63.187.193/sh 45ccafcdc6e78bd6471a7
@sicehice
23 Jun 2025
504 Impressions
1 Retweet
3 Likes
3 Bookmarks
0 Replies
0 Quotes
📌 Critical Langflow vulnerability (CVE-2025-3248) exploited for Flodrix botnet. Predator group remains active. #CyberSecurity #Malware https://t.co/pGr0H0UdOC https://t.co/eHE6TnM3t4
@CyberHub_blog
23 Jun 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | 19-06-2025 Source: https://t.co/mkbrMXzHxk Key details below ↓ 💀Threats: Flodrix_botnet, Leethozer_botnet, 🎯Victims: Organizations using langflo
@rst_cloud
20 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Micro uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. https://t.co/ENlGEXDMcR
@virusbtn
20 Jun 2025
1627 Impressions
8 Retweets
21 Likes
6 Bookmarks
0 Replies
1 Quote
CVE-2025-3248 - Langflow RCE Exploit Shodan: http.title:"Langflow" "Langflow allows you to build LLM applications" title:"Langflow" ZoomEye: app="Langflow" #bugbounty #bugbbountytips #rce https://t.co/mRNLUcr86k
@zapstiko
20 Jun 2025
1179 Impressions
5 Retweets
28 Likes
12 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Langflow (CVE-2025-3248) allows attackers to remotely compromise systems without authentication. The sophisticated Flodrix botnet is already putting sensitive business data at risk. Is your organization proactively secured? https://t.co/4sBWJcWXgs htt
@natordas
20 Jun 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CVE-2025-3248 – #Unauthenticated #Remote_Code_Execution in #Langflow via #Insecure #Python exec Usage https://t.co/bk9idSjQWb https://t.co/opMwk5J6yX
@omvapt
19 Jun 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Research has detected an active campaign exploiting the critical CVE-2025-3248 vulnerability to deliver the Flodrix botnet. Attackers use it to run downloader scripts on compromised Langflow servers. Proactively secure your systems: https://t.co/S4RzNMq1Ly https://t.co/EK
@TrendMicro
19 Jun 2025
650 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
Deep Dive: CVE-2025-3248 (Critical RCE in Langflow) ⚠️ CVSS 9.8 | EPSS 92.57% An unauthenticated API + insecure exec() = complete server compromise. Attackers can pass arbitrary Python code to Langflow's /api/v1/builder/execute_code endpoint. No auth, no sandbox, just inst
@offsectraining
19 Jun 2025
3376 Impressions
5 Retweets
34 Likes
2 Bookmarks
0 Replies
0 Quotes
Deep Dive: CVE-2025-3248 (Critical RCE in Langflow) ⚠️ CVSS 9.8 | EPSS 92.57% An unauthenticated API + insecure exec() = complete server compromise. Attackers can pass arbitrary Python code to Langflow's /api/v1/builder/execute_code endpoint. No auth, no sandbox, just inst
@offsectraining
19 Jun 2025
252 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here:⬇️ https://t.co/0HCzLHc7xh https://t.co/urzMhLcLJ3
@TrendMicroRSRCH
19 Jun 2025
764 Impressions
5 Retweets
15 Likes
1 Bookmark
0 Replies
0 Quotes
Critical flaw in @langflow_ai (CVE-2025-3248) is being actively exploited to deploy the Flodrix botnet. ✦ Remote code execution ✦ Data theft & DDoS ✦ Unpatched systems are at risk Update to v1.3.0 now. How to protect yourself: https://t.co/ITSMvKYnBd #CyberSecurity
@socradar
19 Jun 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new campaign is exploiting a critical vulnerability (CVE-2025-3248) in Langflow to launch DDoS attacks. Users and admins are urged to update to the latest version immediately. Read the alert here: https://t.co/JLzzG2JlEq https://t.co/T00om8OFCl
@CSAsingapore
19 Jun 2025
133 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Research reports that attackers are exploiting CVE-2025-3248 in vulnerable Langflow servers to deliver the Flodrix botnet, enabling DDoS attacks and potential data breaches. #CyberSecurity #Malware https://t.co/kxYqKL8pxL
@Cyber_O51NT
19 Jun 2025
433 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-3248 is a critical unauthenticated RCE in Langflow now being exploited by the Flodrix #botnet. Dual C&C, code injection, and self-deletion make this a high-priority threat. Proactive security starts here: https://t.co/FLdWzZL6AR
@TrendMicro
18 Jun 2025
554 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️بوت نت Flodrix يضرب خوادم Langflow – ثغرة جديدة تحت الهجوم! في حملة هجوم نشطة، كشفت Trend Research إن الهاكرز بدأوا يستغلوا الثغرة CVE-2025-3248 لاختراق خوادم Langflow ونشر بر
@hiddenlockT
18 Jun 2025
102 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-3248 Langflow RCE Exploit @ynsmroztas PoC: https://t.co/p3zc6jgzDh ZoomEye Dork: app="Langflow" #bugbountytips #bugbounty #rce https://t.co/OyUKxTBpdz
@zapstiko
18 Jun 2025
815 Impressions
0 Retweets
17 Likes
5 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
18 Jun 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Langflowの脆弱性CVE-2025-3248がFlodrixボットネットに悪用される https://t.co/seHPzD00iY #Security #セキュリティ #ニュース
@SecureShield_
18 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Popular Python visual framework for AI application development Langflow is being actively exploited via unauthenticated RCE code validation bypass (CVE-2025-3248) in a nasty campaign dropping the multi-architecture Flodrix DDoS botnet. Proper authentication implemented in https:
@ricomanifesto
17 Jun 2025
194 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
I enjoyed Exploring and Exploiting CVE-2025-3248-Langflow RCE - Affected Endpoint: /api/v1/validate/code - ZoomEye Dork :- domain="https://t.co/bMoqL7hiQO" && app="Langflow" - Shodan Dork :- ssl:"https://t.co/bMoqL7hiQO" http.title:"Langflow" https://t.co/kVJcbkvS8W
@wadgamaraldeen
17 Jun 2025
6187 Impressions
10 Retweets
118 Likes
95 Bookmarks
3 Replies
0 Quotes
Security researchers have identified an active campaign exploiting CVE-2025-3248, a critical RCE vulnerability in Langflow (versions <1.3.0). Rated 9.8 CVSS, it allows attackers to execute malicious Python code via unauthenticated requests. https://t.co/e67ucaC074
@securityRSS
17 Jun 2025
52 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 Flodrix Botnet Exploits Critical Langflow Flaw: Urgent Action Needed CVE-2025-3248 is under attack! Flodrix botnet targets Langflow, enabling DDoS & system compromise. Upgrade to 1.3.0 & secure endpoints now. More details: https://t.co/q8jfKf1BZV #Cybersecurity #Bo
@threatsbank
17 Jun 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3248 : Critical Langflow Vulnerability Actively Exploited to Deliver Flodrix Botnet https://t.co/tYNGyldbPK https://t.co/cfJedIxbaL
@freedomhack101
17 Jun 2025
82 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨ACTU CYBER🚨 @Langflow ciblé par Flodrix via faille CVE-2025-3248, botnet actif sur serveurs non à jour. Lien en bio pour lire la suite ! #cybersécurité https://t.co/1YgqJzCBv4
@cybercare_fr
17 Jun 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3248 Remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code Finding Targets To find potential targets, use Fofa •Fofa Dork: "Langflow"` Cloning the Repository First, clone the repository: git clone https://t.co/I2SDG5bw
@TheMsterDoctor1
17 Jun 2025
2921 Impressions
16 Retweets
56 Likes
36 Bookmarks
0 Replies
0 Quotes
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet https://t.co/KiSLBrUe2u
@Dinosn
16 Jun 2025
2591 Impressions
7 Retweets
21 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-3248
@transilienceai
3 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
(🧵Thread) CVE-2025-3248: Renewed Interest in Langflow Remote Code Execution Key findings: 🔹 Despite initial hacker interest after the exploit's public release (April 9), attacks detected by the CrowdSec Network plummeted to near zero within days, likely due to rapid detec
@Crowd_Security
2 Jun 2025
248 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "464AFA20-81A9-41A6-B9F1-CD38B64C40C7",
"versionEndExcluding": "1.3.0"
}
],
"operator": "OR"
}
]
}
]