CVE-2025-34291
Published Dec 5, 2025
Last updated 25 days ago
AI description
CVE-2025-34291 is a chained vulnerability affecting Langflow versions up to and including 1.6.9, which can lead to account takeover and remote code execution (RCE). This flaw stems from an overly permissive Cross-Origin Resource Sharing (CORS) configuration, where `allow_origins='*'` is combined with `allow_credentials=True`. This misconfiguration, coupled with a refresh token cookie set to `SameSite=None`, allows a malicious webpage to make cross-origin requests that include user credentials. By successfully calling the refresh endpoint, an attacker can obtain valid access and refresh token pairs for a victim's session. These acquired tokens can then be used to access authenticated endpoints, including those designed for code execution, ultimately enabling the attacker to achieve remote code execution. The vulnerability also involves a lack of CSRF protection on the token refresh endpoint and a code validation endpoint that permits code execution by design. Active exploitation of this vulnerability has been observed.
- Description
- Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- langflow
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Langflow Origin Validation Error Vulnerability
- Exploit added on
- May 21, 2026
- Exploit action due
- Jun 4, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- disclosure@vulncheck.com
- CWE-346
- Hype score
- Not currently trending
Any unpatched Langflow instance is being scanned by Iranian APT MuddyWater right now. CVE-2025-34291 (CVSS 9.4) chains a CORS flaw, missing CSRF, and a code-exec endpoint into full RCE plus exfil of every API key. CISA KEV deadline June 4.
@ShortInfoNews
15 Jun 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 ด่วน! แจ้งเตือนช่องโหว่ร้ายแรงใน Langflow 🛑 ⚠️ ศูนย์ประสานการรักษาความมั่นคงปลอดภัยระบบคอมพิวเตอร์แห
@ThaiCERTByNCSA
4 Jun 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ثغرة حرجة في Langflow (CVE-2025-34291) — CVSS 9.4 قيد الاستغلال الفعّال تتيح تنفيذ تعليمات برمجية عن بُعد (RCE) والسيطرة الكاملة، ورُصد استغلالها من MuddyWater. أضافتها CISA ل
@azez_alzamil
1 Jun 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-34291: Langflow AI Agent Account Takeover and Remote Code Execution - What It Means for Your Business and How to Respond https://t.co/cUpVe7tk5j
@integ_sec
30 May 2026
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV 警告 26/05/21:Langflow の脆弱性 CVE-2025-34291 を KEV に登録 https://t.co/E4gWGnLbER この Langflow の脆弱性 CVE-2025-34291 の原因は、 オリジン検証エラーと呼ばれるドメイン間の信頼境界の検証不備と、不適切なコン
@iototsecnews
28 May 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
U.S. CISA adds Trend Micro Apex One (CVE-2026-34926) and Langflow (CVE-2025-34291) to Known Exploited Vulnerabilities catalog via @SecurityAffairs #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/XMknEc88Ko
@proficioinc
27 May 2026
126 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-34291 | CVSS 8.8 | ACTIVELY EXPLOITED Langflow ≤1.6.9 has a chained flaw that lets a malicious webpage steal your session tokens and run arbitrary code on your server. No user interaction beyond visiting a webpage. No special attacker privileges needed.
@kashaunTechGuy
27 May 2026
10 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA أضافت CVE-2025-34291 في Langflow لقائمة KEV بعد استغلال موثّق يُنسب لمجموعة MuddyWater. الثغرة (CVSS 9.4) تجمع CORS مفتوحة بزيادة CSRF للوصول لـ refresh endpoint وتنفيذ arbitrary code بصلاحيا
@KasperskyDev
26 May 2026
179 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA added Langflow CVE-2025-34291 to KEV on May 21. Federal patch deadline June 4. Attribution: MuddyWater. Same MOIS team that pre-positioned Stryker before Handala fired the bulk Intune wipe in March. We have tracked this crew across six briefs. Thread on the new front.
@whiskeyhacker
26 May 2026
529 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE watch: CVE-2025-34291: Langflow Langflow - Langflow Origin Validation Error… Check exposure, dependency, and agent/tool access before panic-patching. Inventory beats vibes. Source: https://t.co/F1oGNQzALj https://t.co/MvpWlFo0x0
@views2day
24 May 2026
167 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️⚔️ VULNCHEFAI Morning Threat Intel 3 active CISA KEVs confirmed in the wild: • CVE-2026-9082 — Drupal Core (patch by May 27) • CVE-2025-34291 — Langflow • CVE-2026-34926 — Trend Micro Apex One Real-world exposures already showing on Shodan. Patch th
@CyberchefG
24 May 2026
241 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Langflow CVE-2025-34291 (CVSS 9.4) actively exploited. A simple CORS misconfiguration (`allow_origins='*'` with `allow_credentials=True`) allows attackers to steal session tokens and execute arbitrary code. 🔗 https://t.co/IsKJCnRya4 #CyberSecurity #Langflow #CVE2025342
@ThreatAft
24 May 2026
243 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【LangflowとApex Oneの悪用脆弱性、CISA KEVに追加】 The Hacker Newsは、CISAがLangflowとTrend Micro Apex Oneの脆弱性をKEVカタログに追加したと報じました。LangflowのCVE-2025-34291、Apex One on-premiseのCVE-2026-34926はいずれも実悪用
@01ra66it
23 May 2026
592 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Every Langflow install on 1.6.9 or older is under active exploitation by Iran's MuddyWater APT. CISA added CVE-2025-34291 to its KEV catalog May 21, CVSS 9.4. Chains permissive CORS with a missing CSRF on a code-execution endpoint. Federal patch deadline June 4.
@ShortInfoNews
23 May 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 CISA KEV UPDATE: Two new vulnerabilities affecting Langflow (CVE-2025-34291) & Trend Micro Apex One (CVE-2026-34926) are being actively exploited. Federal agencies mandated to patch. All orgs urged to patch NOW! #CyberSecurity #Vulnerability #Patc... 🌐 cyber[.]netsec
@NetSecIO
22 May 2026
306 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🏮 Hot off the press: 3 new vulnerability research articles that everyone should read: - art-template npm compromise delivered a Coruna-like iOS exploit kit (Critical 🔴) - CVE-2025-34291: Langflow CORS and refresh-token chain reaches RCE (Critical 🔴) - CVE-2026-46333: Lin
@asadeddin
22 May 2026
383 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
LinkedIn 🏮 Hot off the press: 3 new vulnerability research articles that everyone should read: - art-template npm compromise delivered a Coruna-like iOS exploit kit (Critical 🔴) - CVE-2025-34291: Langflow CORS and refresh-token chain reaches RCE (Critical 🔴) - CVE-2026-4
@asadeddin
22 May 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Iranian state-sponsored group MuddyWater exploited a CORS misconfiguration in Langflow (CVE-2025-34291) to hijack user sessions and execute remote code. Attackers used compromised tokens to move laterally within networks and establish persistent command channels. Runtime
@aviatrixtrc
22 May 2026
235 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog https://t.co/UXVMd5Jf3c The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnera
@f1tym1
22 May 2026
235 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA adds CVE-2025-34291 and CVE-2026-34926 to KEV after active exploitation. ✅ Patch immediately, restrict exposure, and review logs. https://t.co/mU4BY8f0aF #Langflow #TrendMicro #CISAKEV #CVE #CyberSecurity #Vulert
@vulert_official
22 May 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISO Daily Briefing: SLSA Build Level 3 provenance defeated — Shai-Hulud/Megalodon backdoored 5,561 repos in 6 hours via stolen OIDC tokens, breaching OpenAI employee devices and Grafana Labs internal repos; Langflow CVE-2025-34291 (CVSS 9.4) is the first AI orchestration
@cloudsa
22 May 2026
377 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-34291 & CVE-2026-34926 join CISA's KEV Catalog, spotlighting the reactive lag in vulnerability management. Clawolf AS-OS™'s Context-Aware Decision Fabric and sub-30s containment neutralize such threats autonomously, bypassing human… #CyberSecurity #ThreatIntellig
@Clawolf_ASOS
22 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️#Langflow: rilevato sfruttamento della CVE-2025-34291 Rischio: 🔴 Tipologia 🔸 Remote Code Execution 🔗 https://t.co/Gf0nZz2zDU ⚠ Importante aggiornare i prodotti interessati https://t.co/5u5DRZzloH
@Vulcanux_
22 May 2026
236 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
‼️#Langflow: rilevato sfruttamento della CVE-2025-34291 Rischio: 🔴 Tipologia 🔸 Remote Code Execution 🔗 https://t.co/xwh6eITcRa ⚠ Importante aggiornare i prodotti interessati https://t.co/7inWF2KRdt
@csirt_it
22 May 2026
416 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA KEV: Dos vulnerabilidades activamente explotadas 🔴 CVE-2025-34291 (Langflow, CVSS 9.4) → ejecución remota de código. Usada por MuddyWater (Irán) 🔴 CVE-2026-34926 (Trend Micro Apex One) → directory traversal ✅ Parche antes del 4 de junio #CISA #KEV #La
@esecintelcl
22 May 2026
277 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟠 Critical Vulnerabilities Added to KEV Catalog Langflow origin validation error (CVE-2025-34291 (CVSS: 8.8/10)) can allow attackers to compromise applications. • Exploited by malicious actors • Can lead to unauthorized data access and remote code execution • CISA has a
@NewsDaily18579
22 May 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-42945 2 - CVE-2026-46333 3 - CVE-2026-9082 4 - CVE-2026-31431 5 - CVE-2025-34291 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
22 May 2026
267 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。(5/21追加) 🛡️No.1601 CVE-2025-34291 Langflow Origin Validation Error Vulnerability ==================================== ✅概要 ・深刻度:重要 8.8 (CVSS Base) / NVD ・種
@piyokango
22 May 2026
2325 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨 CISA just added two actively exploited vulns to its KEV catalog. https://t.co/WvqIuYCuv2 Critical RCE in Langflow (CVE-2025-34291, CVSS 9.4) and directory traversal in Trend Micro Apex One (on-prem). Patch now if you're using either.
@TheHackersNews
22 May 2026
9526 Impressions
9 Retweets
42 Likes
4 Bookmarks
3 Replies
2 Quotes
CISA updates its KEV Catalog with critical flaws in Langflow (CVE-2025-34291) and Trend Micro Apex One. Federal agencies ordered to patch by June 4, 2026. #CISAKEV #Langflow #TrendMicro #ThreatIntel #Vulnerability #AIsecurity #CORSbypass #RCE #SysAdmin https://t.co/gCUz7fJErq ht
@the_yellow_fall
21 May 2026
637 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに、LangflowのCVE-2025-34291とTrend Micro Apex One(オンプレミス版)のCVE-2026-34926を追加。退所期限は通常の6/4。ランサムウェ
@__kokumoto
21 May 2026
1046 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
CISAが既知の悪用された脆弱性2件をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (May 21) CVE-2025-34291 Langflow Origin検証エラーの脆弱性 CVE-2026-34926 Trend Micro Apex One (オンプレミス) ディレクトリ
@foxbook
21 May 2026
502 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NEW THREAT INTEL: CISA KEV adds Langflow CORS RCE (CVE-2025-34291) & Trend Micro Apex One traversal (CVE-2026-34926). 9 rules, 23 IOCs. https://t.co/7gAFSNuG1e #ThreatIntel #KEV https://t.co/YFZ0letYOx
@threadlinqs
21 May 2026
292 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Authentication Bypass → Remote Code Execution in Langflow added to the CISA Known Exploited Vulnerabilities catalog (CVE-2025-34291). Active exploitation confirmed. Patch immediately. More details 👇 https://t.co/8HFUZocq5R
@ThreatLevelAI
21 May 2026
230 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🛡️ We added Langflow origin validation error vulnerability CVE-2025-34291 and Trend Micro Apex One (on-premise) server directory traversal vulnerability CVE-2026-34926 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSec https://t.c
@CISACyber
21 May 2026
7081 Impressions
11 Retweets
30 Likes
4 Bookmarks
7 Replies
2 Quotes
🚨 New CISA KEV: CVE-2025-34291 Langflow Langflow https://t.co/1fwKRpnKVx #boarnet #cybersecurity #cisakev #cve #threatintelligence #malware https://t.co/Fzb3KLnsIQ
@boarnetio
21 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-34291 — Langflow Langflow CVSS 9.4 CRITICAL | EPSS 9% Added to CISA KEV. Active exploitation confirmed. https://t.co/ia72gEMf6d #CVE #InfoSec #CISA
@threatpodium
21 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Another feature update today, focused on two new CVEs, now live on Github, see details below: CVE-2025-3248 - Looks at Langflow package versions. Flags vulnerable if your version is below known safe versions. CVE-2025-34291 - Looks at both version and web security settings.
@CoyoteSecure
22 Feb 2026
4493 Impressions
1 Retweet
7 Likes
3 Bookmarks
0 Replies
2 Quotes
🚨 This week’s CrowdSec Threat Alert highlights CVE-2025-34291, a critical LangFlow RCE actively exploited in the wild. 👀 Security teams: patch your LangFlow instances and harden configurations to prevent account takeovers and full AI workflow compromise. Explore the att
@Crowd_Security
26 Jan 2026
230 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-34291 - critical 🚨 Langflow AI <= 1.6.9 - CORS Misconfiguration > Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that... 👾 https://t.co/e1YPPdeZ52 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
4 Jan 2026
210 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-34291: Critical Account Takeover and RCE Vulnerability in the Langflow AI Agent & Workflow Platform https://t.co/6BFy4NrXa9
@AISecHub
6 Dec 2025
207 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-34291 Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configu… https://t.co/iardPZwPYU
@CVEnew
5 Dec 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D74DC53-9772-4172-822E-3E29E5A4DDC9",
"versionEndIncluding": "1.6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]