KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2025-3248

PUBLISHED

Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code

Exploited in the wild PoC available Remote Low complexity No user interaction
Vendor
langflow-ai
Product
langflow
Published
Apr 07, 2025
EPSS

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

cisa nuclei_scanner metasploit

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-05-05 00:00:00 UTC · Source

Proof of concept available

Recorded 2025-04-27 04:41:18 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA May 05, 2025

Scanner integrations

Scanner Reference Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/langflow_unauth_rce_cve_2025_3248.rb Apr 28, 2025
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-3248.yaml Apr 25, 2025

Recent mentions

Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence

TheHackerNews · May 06, 2025

A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. "Langflow contains a missing

CISA Adds One Known Exploited Vulnerability to Catalog

All CISA Advisories · May 05, 2025

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-3248 Langflow Missing Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

langflow_unauth_rce_cve_2025_3248

metasploit · Created Unknown

Metasploit module for CVE-2025-3248

minxxcozy/CVE-2025-3248-langflow-RCE

github · Created 2025-04-27 04:41:18 UTC · 0 stars

CVE-2025-3248 Langflow 사전 인증 원격 코드 실행 취약점 PoC

verylazytech/CVE-2025-3248

github · Created 2025-04-16 14:00:02 UTC · 3 stars

PuddinCat/CVE-2025-3248-POC

github · Created 2025-04-10 14:04:29 UTC · 1 stars

POC of CVE-2025-3248, RCE of LangFlow

xuemian168/CVE-2025-3248

github · Created 2025-04-10 11:45:57 UTC · 5 stars

A vulnerability scanner for CVE-2025-3248 in Langflow applications. 用于扫描 Langflow 应用中 CVE-2025-3248 漏洞的工具。

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Proof of Concept Exploit Available

  • Detected by Metasploit

  • Added to KEVIntel