H3-2025-0025

Langflow Code Injection Vulnerability

Category VULNERABILITY
Base Score 9.8

Description

CVE-2025-3248 is a remote code execution vulnerability affecting Langflow, an open-source platform used for visually composing AI-driven agents and workflows. Specifically, versions of Langflow prior to 1.3.0 are vulnerable. This vulnerability arises from a missing authentication mechanism in the /api/v1/validate/code endpoint, which improperly invokes Python's exec() function on user-supplied code. Exploitation does not require authentication, allowing a remote, unauthenticated attacker to execute arbitrary code by sending crafted HTTP requests to the vulnerable endpoint.
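The two defects the description names are a missing authentication check on the endpoint and the use of exec() on submitted code. The following is an added example, not Langflow's own code, of how a code-validation handler can avoid both: the caller must present a credential before any work is done, and the submitted Python is checked with ast.parse(), which only builds a syntax tree and never executes anything. The handler names, the response shape and the demo token are assumptions made for this example.

```python
"""Added example (not Langflow's code): a code-validation endpoint pattern
that requires authentication and syntax-checks user-supplied Python
without executing it.  All names and values here are assumptions."""
import ast
import hmac

# Constructed secret for the demo; a real service would verify a session or API key.
EXPECTED_TOKEN = "constructed-demo-token"


def require_token(handler):
    """Reject the request with 401 unless a valid bearer token is present."""
    def wrapper(headers, body):
        token = headers.get("authorization", "")
        if not token.startswith("Bearer ") or not hmac.compare_digest(token[7:], EXPECTED_TOKEN):
            return {"status": 401, "body": {"error": "missing or invalid credentials"}}
        return handler(headers, body)
    return wrapper


def validate_code_syntax(code: str) -> dict:
    """Parse `code` and report syntax errors, function names and imports.

    ast.parse only parses; no statement in `code` is ever run, so this is a
    safe replacement for exec()-based validation.
    """
    try:
        tree = ast.parse(code)
    except SyntaxError as e:
        return {"valid": False, "errors": [f"line {e.lineno}: {e.msg}"],
                "functions": [], "imports": []}
    functions = [n.name for n in ast.walk(tree)
                 if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
    imports = []
    for n in ast.walk(tree):
        if isinstance(n, ast.Import):
            imports.extend(a.name for a in n.names)
        elif isinstance(n, ast.ImportFrom):
            imports.append(n.module or "")
    return {"valid": True, "errors": [], "functions": functions, "imports": imports}


@require_token
def handle_validate_code(headers: dict, body: dict) -> dict:
    """Hypothetical handler for a POST to a validate-code endpoint."""
    code = body.get("code", "")
    if not isinstance(code, str):
        return {"status": 400, "body": {"error": "code must be a string"}}
    return {"status": 200, "body": validate_code_syntax(code)}


# Constructed submission: it has a side effect (appending to SIDE_EFFECTS)
# that would fire under exec() but never fires under parse-only validation.
SIDE_EFFECTS = []
SAMPLE = (
    "import json\n"
    "def build(x):\n"
    "    return json.dumps(x * 2)\n"
    "\n"
    "SIDE_EFFECTS.append('ran')\n"
)

if __name__ == "__main__":
    print(handle_validate_code({}, {"code": SAMPLE}))                       # 401, no work done
    print(handle_validate_code({"authorization": "Bearer " + EXPECTED_TOKEN},
                               {"code": SAMPLE}))                             # 200, parsed only
    print("side effects:", SIDE_EFFECTS)                                      # []
    print(validate_code_syntax("def broken(:\n    pass\n"))                   # valid False
```

The unauthenticated call is refused before the body is even looked at, and after the authenticated call SIDE_EFFECTS is still empty, which is the property exec()-based validation cannot offer.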

Impact

Remote unauthenticated attackers can take over the Langflow server and access any data sources connected to it.

References