Full Report
A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. "Langflow contains a missing
Analysis Summary
# Vulnerability: Critical Unauthenticated Remote Code Execution in Langflow
## CVE Details
- CVE ID: CVE-2025-3248
- CVSS Score: 9.8 (Critical)
- CWE: Missing Authentication for Critical Function (Implied, due to improper access control leading to code execution)
## Affected Systems
- Products: Langflow open-source platform
- Versions: Most versions prior to 1.3.0
- Configurations: Any Langflow instance exposed to the network where the vulnerable endpoint is accessible.
## Vulnerability Description
The vulnerability resides in the `/api/v1/validate/code` endpoint in Langflow. This endpoint improperly invokes Python's built-in `exec()` function to process user-supplied code without implementing adequate authentication or sandboxing measures. A remote, unauthenticated attacker can exploit this by sending crafted HTTP requests to execute arbitrary code on the underlying server.
## Exploitation
- Status: Exploited in the wild (Added to CISA KEV Catalog)
- Complexity: Low (Described as "easily exploitable")
- Attack Vector: Network
## Impact
- Confidentiality: High (Remote Code Execution capability)
- Integrity: High (Remote Code Execution capability)
- Availability: High (Remote Code Execution capability, potential server takeover)
## Remediation
### Patches
- Langflow version 1.3.0 (Released March 31, 2025) addresses the flaw.
### Workarounds
- No specific workarounds were detailed, but the nature of the flaw suggests immediate patching is required. Restricting network access to the Langflow instance until patched is a necessary mitigation step.
## Detection
- Detection relies on monitoring for suspicious POST requests to the URI path `/api/v1/validate/code`.
- Exploit attempts have been observed in the wild. Organizations should check logs for unusual execution patterns related to Python's `exec()` function originating from web requests.
## References
- Vendor Advisory/Fix Release: https://github.com/langflow-ai/langflow/releases/tag/1.3.0
- CISA KEV Catalog Addition: https://www.cisa.gov/news-events/alerts/2025/05/05/cisa-adds-one-known-exploited-vulnerability-catalog
- Discovery Details: https://horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
- Exploit Proof-of-Concept: https://x.com/_r00tuser/status/1909858365234463122 (Defanged: https://x[.]com/_r00tuser/status/1909858365234463122)