
CVE-2025-3248

CRITICAL
Published 2025-04-07T14:22:38.980Z

CVSS Score

V3.1
9.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

v2025.03.14
0.924
probability
of exploitation in the wild

There is a 92.4% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.997
Higher than 99.7% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Available Exploits

No exploits available for this CVE.

Related News

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet Predator Still Active, with Ne…

Securityaffairs.com 2025-06-22 15:22
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage

CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system. The post CVE-2025-3248 – Unauthenticated Remot…

Offsec.com 2025-06-18 14:01
News Flodrix botnet targets vulnerable Langflow servers

Attackers exploit CVE-2025-3248 in Langflow servers to deliver Flodrix botnet via downloader scripts, Trend Research reports. Trend Research uncovered an ongoing campaign exploiting the vulnerability CVE-2025-3248 to deliver the Flodrix botnet. Attackers expl…

Securityaffairs.com 2025-06-18 10:43
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA

CISA warns of active exploitation of critical Langflow vulnerability (CVE-2025-3248). Critical RCE flaw allows full server takeover. Patch…

HackRead 2025-05-07 11:28
RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)

A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2…

Help Net Security 2025-05-06 13:08

Affected Products

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild


Remediation Status

Overdue

Due Date

May 26, 2025

Added to KEV

May 5, 2025

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: Langflow
Product: Langflow

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.05.05 Released: May 5, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Langflow Unauth RCE

GHSA-rvqx-wpfh-mfx7

Advisory Details

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Affected Packages

PyPI langflow
ECOSYSTEM: ≥0 <1.3.0
PyPI langflow-base
ECOSYSTEM: ≥0 <0.3.0
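As an added example (not code from this page or from the Langflow project), a Python check a defender can run in two directions: comparing an installed package version against the affected ranges listed in the GHSA entries above, and scanning web-server access logs for requests to the /api/v1/validate/code endpoint named in the description. The combined-log-format layout and the sample log lines are assumptions constructed for this example.

```python
import re
from typing import Iterable

# First fixed versions per the GHSA entries on this page (range is >=0 <fixed).
FIXED_VERSIONS = {"langflow": (1, 3, 0), "langflow-base": (0, 3, 0)}
VULN_ENDPOINT = "/api/v1/validate/code"

def parse_version(v: str):
    """Split '1.2.0', '1.3.0rc1' or '1.3.0.post1' into (numeric tuple, is_prerelease)."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?P<suffix>[.\-]?[a-zA-Z].*)?$", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = tuple(int(x or 0) for x in m.groups()[:3])
    suffix = m.group("suffix") or ""
    # rc/a/b/dev tags sort before the release; a .postN tag sorts after it.
    return nums, bool(suffix) and "post" not in suffix

def is_vulnerable(package: str, version: str) -> bool:
    """True when the installed version is below the advisory's first fixed release."""
    fixed = FIXED_VERSIONS.get(package)
    if fixed is None:
        raise KeyError(f"{package} is not covered by GHSA-rvqx-wpfh-mfx7")
    nums, prerelease = parse_version(version)
    return nums < fixed or (nums == fixed and prerelease)

# Assumed combined log format: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_validate_code_hits(lines: Iterable[str]) -> list:
    """Return (ip, timestamp, status) for each POST that reached the code-validation endpoint.
    The advisory states the endpoint needs no authentication, so on an unpatched host
    every external hit is worth triage regardless of the response status."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("method") == "POST" and m.group("path").split("?")[0] == VULN_ENDPOINT:
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status"))))
    return hits

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/May/2025:10:14:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512',
    '198.51.100.4 - - [05/May/2025:10:14:05 +0000] "GET /api/v1/flows HTTP/1.1" 200 2048',
    '203.0.113.7 - - [05/May/2025:10:14:09 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 500 77',
]

def demo_hits() -> list:
    return find_validate_code_hits(SAMPLE_LOG)
```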

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Advisory provided by GitHub Security Advisory Database. Published: June 17, 2025, Modified: June 30, 2025

✓ GitHub Reviewed CRITICAL

Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint

GHSA-c995-4fw3-j39m

Advisory Details

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rvqx-wpfh-mfx7. This link is maintained to preserve external references.

Original Description: Langflow versions prior to 1.3.0 are susceptible to code injection in the `/api/v1/validate/code` endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Affected Packages

PyPI langflow
ECOSYSTEM: ≥0 <1.3.0

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: April 7, 2025, Modified: June 17, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

12 posts
Reddit 4 days, 3 hours ago
crstux
Exploit

🔥 Top 10 Trending CVEs (22/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53816](https://nvd.nist.gov/vuln/detail/CVE-2025-53816)** - 📝 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in …

2
2.0
View Original High Risk
Reddit 5 days, 3 hours ago
crstux
Exploit

🔥 Top 10 Trending CVEs (21/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53771](https://nvd.nist.gov/vuln/detail/CVE-2025-53771)** - 📝 Microsoft SharePoint Server Spoofing Vulnerability - 📅 **Published:** 20/07/2025 - 📈 **CVSS:** 6.3 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 9 - 📝 **Analysis:** A SharePoint Server spoofing …

1
1.0
View Original High Risk
Reddit 6 days, 3 hours ago
crstux
Exploit

🔥 Top 10 Trending CVEs (20/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53770](https://nvd.nist.gov/vuln/detail/CVE-2025-53770)** - 📝 Microsoft SharePoint Server Remote Code Execution Vulnerability - 📅 **Published:** 20/07/2025 - 📈 **CVSS:** 9.8 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C - 📣 **Mentions:** 13 - ⚠️ **Priority:** 4 - …

1
1.0
View Original High Risk
Reddit 3 weeks ago
digicat
Exploit

Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet - CVE-2025-3248 (CVSS 9.8) in Langflow versions prior to 1.3.0, allowing unauthenticated remote code execution- Flodrix botnet is delivered via malicious Python payloads, enabling DDoS attacks and data theft.

4
4.0
View Original High Risk
Reddit 3 weeks, 3 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (02/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-6554](https://nvd.nist.gov/vuln/detail/CVE-2025-6554)** - 📝 Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) - …

2
2.0
View Original High Risk
Reddit 3 weeks, 3 days ago
falconupkid
Exploit

Threat Actors Exploit CVE-2025-3248 to Deliver Flodrix Botnet

1
1.0
View Original High Risk
Reddit 3 weeks, 4 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (01/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-32463](https://nvd.nist.gov/vuln/detail/CVE-2025-32463)** - 📝 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. - 📅 **Published:** 30/06/2025 - 📈 …

1
1.0
View Original High Risk
Reddit 3 weeks, 5 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (30/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-5263](https://nvd.nist.gov/vuln/detail/CVE-2025-5263)** - 📝 Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, …

1
1.0
View Original High Risk
Reddit 4 weeks, 1 day ago
lubyruffy

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

References

Published: 2025-04-07T14:22:38.980Z
Last Modified: 2025-05-05T22:20:22.724Z