CVE-2025-3248
CVSS Score
V3.1Attack Vector Metrics
Impact Metrics
Description
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Available Exploits
Related News
CISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch…
A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Langflow flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2025-3248 (CVSS score of 9.8…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-3248 to its Known Exploited Vulnerabilities (KEV) The post Langflow Under Attack: CISA Warns of Active Exploitation of CVE-2025-3248 appeared first on Daily CyberSecurity.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-3248 Langflow Missing Authentication Vulnerability These types of vulnerabilities are frequent attack v…
Affected Products
Affected Versions:
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Due Date
Added to KEV
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.