PT-2025-15232 · Langflow · Langflow

Naveen Sunkavally · Published 2025-04-07 · Updated 2026-03-01 · CVE-2025-3248

CVSS v2.0: 10.0 · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.3.0
Description: Langflow is vulnerable to unauthenticated remote code execution (RCE), tracked as CVE-2025-3248, because the /api/v1/validate/code API endpoint lacked an authentication check. The endpoint accepts Python source for validation and, as part of that validation, compiles and executes parts of the submitted code server-side, so an attacker who can reach the endpoint can run arbitrary code with the privileges of the Langflow process by sending a single crafted HTTP POST request, without any credentials. The Flodrix botnet is actively exploiting the flaw to deploy malware with DDoS capabilities. The vulnerability has a CVSS v3.1 base score of 9.8 (Critical); the CVSS v2.0 score listed above is 10.0. Proof-of-concept exploits are publicly available, and over 460 Internet-exposed Langflow servers have been reported.
Recommendations: Upgrade Langflow to version 1.3.0 or later, which adds the missing authentication check to the endpoint. Until the upgrade is done, restrict network access to Langflow instances as a temporary mitigation (do not expose the API to the Internet; limit it to trusted networks or a VPN). Note that the mitigation only reduces exposure and does not remove the flaw, and that the endpoint remains reachable by anyone on the allowed network until the upgrade.
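The following is an added illustration of the bug class behind this advisory; it is not Langflow's code, and the names validate_unsafe, validate_safe, SIDE_EFFECTS and PAYLOAD are assumptions made for the example. Python evaluates decorator and default-argument expressions when a `def` statement is executed, not when it is parsed, so a "validate this code" routine that exec()s function definitions from the request body runs attacker-chosen expressions, while one that stops at ast.parse/compile does not. The access control the advisory describes as the fix is the separate, necessary layer; the syntax-only validator shown here is the defence-in-depth change that removes the code-injection primitive itself.

```python
"""Added illustration of the bug class behind CVE-2025-3248 (not Langflow's
code).  validate_unsafe() shows the pattern to avoid; validate_safe() shows a
validator that never executes the submitted source."""
import ast

# Constructed sink.  Instead of os.system(...), the payload appends a marker
# here so the side effect is observable in a test.
SIDE_EFFECTS: list = []

# Constructed payload: the default-argument expression runs the moment the
# definition is executed.  A decorator expression behaves the same way.
PAYLOAD = (
    "def hello(marker=SIDE_EFFECTS.append('default arg evaluated')):\n"
    "    return 'hi'\n"
)


def validate_unsafe(code: str) -> dict:
    """Pattern to avoid: 'checks' each function by executing its definition.

    exec() with this module's globals() mirrors executing submitted code in
    the server process; anything the definition's expressions do, happens.
    """
    errors, executed = [], []
    tree = ast.parse(code)
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            module = ast.Module(body=[node], type_ignores=[])
            try:
                exec(compile(module, "<validate>", "exec"), globals())
                executed.append(node.name)
            except Exception as exc:  # noqa: BLE001 - report, don't crash
                errors.append(f"{node.name}: {exc}")
    return {"errors": errors, "executed": executed}


def validate_safe(code: str) -> dict:
    """Syntax-only validation: parse and compile, never execute.

    ast.parse() and compile() build a syntax tree and bytecode without
    evaluating any expression in the source, so the payload's side effect
    cannot fire here.
    """
    try:
        tree = ast.parse(code)
        compile(tree, "<validate>", "exec")
    except SyntaxError as exc:
        return {"errors": [f"{exc.msg} (line {exc.lineno})"], "functions": []}
    functions = [n.name for n in tree.body if isinstance(n, ast.FunctionDef)]
    return {"errors": [], "functions": functions}


if __name__ == "__main__":
    print("safe:  ", validate_safe(PAYLOAD), "side effects:", SIDE_EFFECTS)
    print("unsafe:", validate_unsafe(PAYLOAD), "side effects:", SIDE_EFFECTS)
```

Running the script shows SIDE_EFFECTS still empty after validate_safe and containing the marker after validate_unsafe, even though both report the same function name and no errors; that difference is the whole vulnerability once the endpoint is reachable without authentication.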
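As an added example (not Langflow's or the advisory's code), two checks a defender can run while rolling out the upgrade: a conservative version comparison against the fixed release, and a scan of access logs for POST requests to the vulnerable endpoint. The example assumes Langflow is served by uvicorn with its default access-log line format; the SAMPLE_LOG lines, the helper names and the treatment of 1.3.0 pre-releases as still vulnerable are assumptions made for the example.

```python
"""Added example (not Langflow's code): version check and access-log scan for
CVE-2025-3248.  Log format is assumed to be uvicorn's default access line;
SAMPLE_LOG is constructed."""
import re

FIXED = (1, 3, 0)                      # advisory: fixed in Langflow 1.3.0
ENDPOINT = "/api/v1/validate/code"

# Assumed uvicorn default access line, e.g.
#   INFO:     203.0.113.7:40122 - "POST /api/v1/validate/code HTTP/1.1" 200 OK
LINE_RE = re.compile(
    r'^\S+:\s+(?P<client>[^:\s]+):\d+ - "(?P<method>[A-Z]+) (?P<path>\S+) '
    r'HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log: one external client probing the endpoint twice.
SAMPLE_LOG = """\
INFO:     10.0.0.12:51234 - "GET /api/v1/flows/ HTTP/1.1" 200 OK
INFO:     203.0.113.7:40122 - "POST /api/v1/validate/code HTTP/1.1" 200 OK
INFO:     203.0.113.7:40123 - "POST /api/v1/validate/code?x=1 HTTP/1.1" 401 Unauthorized
INFO:     10.0.0.12:51240 - "POST /api/v1/validate/prompt HTTP/1.1" 200 OK
INFO:     10.0.0.12:51241 - "GET /api/v1/validate/code HTTP/1.1" 405 Method Not Allowed
""".splitlines()


def parse_version(version: str) -> tuple:
    """Return ((major, minor, patch), is_prerelease) from strings such as
    '1.2.0', 'v1.3.0', '1.3.0rc1' or '1.3.0.dev3'.  Any non-numeric material
    marks the version as a pre-release; missing components count as 0."""
    nums, prerelease = [], False
    for piece in version.strip().lstrip("v").split("."):
        m = re.match(r"\d+", piece)
        if not m:
            prerelease = True
            break
        nums.append(int(m.group()))
        if m.end() != len(piece):         # e.g. '0rc1'
            prerelease = True
            break
    nums = (nums + [0, 0, 0])[:3]
    return tuple(nums), prerelease


def is_vulnerable(version: str) -> bool:
    """Older than 1.3.0 is vulnerable.  A 1.3.0 pre-release is treated as
    vulnerable too (assumption: only the 1.3.0 release is known fixed)."""
    nums, prerelease = parse_version(version)
    return nums < FIXED or (nums == FIXED and prerelease)


def find_validate_code_requests(lines) -> list:
    """Return every POST to the vulnerable endpoint with a verdict:
    'accepted' (2xx: on a pre-1.3.0 server the body was executed),
    'rejected' (401/403: the authentication check held), else 'other'."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path != ENDPOINT:
            continue
        status = int(m["status"])
        if 200 <= status < 300:
            verdict = "accepted"
        elif status in (401, 403):
            verdict = "rejected"
        else:
            verdict = "other"
        hits.append({"client": m["client"], "status": status, "verdict": verdict})
    return hits


if __name__ == "__main__":
    for v in ("1.2.0", "1.3.0rc1", "1.3.0", "1.4.1"):
        print(f"{v:>9}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
    for hit in find_validate_code_requests(SAMPLE_LOG):
        print(hit)
```

An "accepted" hit from an unexpected client on a server that was still below 1.3.0 at the time should be treated as code execution, not as a probe; on a fixed server the same request shows up as "rejected", which is the expected signature of post-patch scanning.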

Exploit · Fix · RCE · Missing Authentication · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-06683
CVE-2025-3248
GHSA-C995-4FW3-J39M
GHSA-RVQX-WPFH-MFX7
PYSEC-2025-36

Affected Products

Langflow