PT-2025-15232 · Langflow · Langflow

Naveen Sunkavally · Published 2025-04-07 · Updated 2026-04-29

CVE-2025-3248

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.3.0

Description: Langflow is susceptible to unauthenticated remote code execution due to a code injection flaw in the /api/v1/validate/code endpoint. A remote attacker can send crafted HTTP requests containing malicious Python code in the code parameter to execute arbitrary commands on the server, potentially leading to full system compromise. The issue is caused by insufficient input validation during compilation of the submitted Python code, combined with a lack of authentication on this critical function.

Real-world exploitation has been observed involving the Flodrix botnet, which uses Python-based malware to conduct DDoS attacks and steal data. Attackers have used reconnaissance tools such as Shodan and FOFA to identify publicly accessible servers, and evasion techniques such as string obfuscation and self-deletion to avoid detection.

Recommendations: Update to version 1.3.0 or higher. Restrict network access to the API to eliminate public exposure. Block POST requests to the /api/v1/validate/code endpoint whose body contains Python tokens such as exec, Exception, import, print, or system.
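The request-blocking rule in the recommendations above, as an added worked example that is not part of this advisory or of Langflow's own code. It applies the advisory's token list only to POST requests for the /api/v1/validate/code path, matches tokens as whole words so that identifiers like "importance" or "printer" are not flagged, and falls back to scanning the raw body when the JSON framing is malformed. The sample requests are constructed for illustration. Because the advisory itself notes that attackers used string obfuscation, a filter like this is a stopgap to run alongside the upgrade to 1.3.0 and the network restriction, not a substitute for them.

```python
import json
import re

# Tokens named in the advisory's recommendation.
SUSPICIOUS_TOKENS = ("exec", "Exception", "import", "print", "system")
# Endpoint named in the advisory.
TARGET_PATH = "/api/v1/validate/code"

# Whole-word match: "importance" must not trigger on "import", "printer" not on "print".
_TOKEN_RE = re.compile(r"\b(" + "|".join(map(re.escape, SUSPICIOUS_TOKENS)) + r")\b")


def find_tokens(code: str) -> list[str]:
    """Return the suspicious tokens present in a code string, in order of first appearance."""
    seen: list[str] = []
    for m in _TOKEN_RE.finditer(code):
        tok = m.group(1)
        if tok not in seen:
            seen.append(tok)
    return seen


def should_block(method: str, path: str, body: str) -> tuple[bool, list[str]]:
    """Apply the advisory's blocking rule to a single HTTP request.

    Only POST requests to the validate/code endpoint are in scope (query string ignored).
    The body is expected to be JSON with a "code" field; if the body is not valid JSON,
    or the field is missing or not a string, the raw body text is scanned instead so that
    malformed framing does not bypass the rule.
    """
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return False, []
    try:
        payload = json.loads(body)
        code = payload.get("code") if isinstance(payload, dict) else None
        if not isinstance(code, str):
            code = body
    except ValueError:
        code = body
    hits = find_tokens(code)
    return bool(hits), hits


# Constructed sample requests (not captured traffic): (method, path, body).
SAMPLE_REQUESTS = [
    ("POST", "/api/v1/validate/code", '{"code": "def add(a, b):\\n    return a + b"}'),
    ("POST", "/api/v1/validate/code", '{"code": "import os"}'),
    ("POST", "/api/v1/validate/code", '{"code": "importance = 3"}'),   # no whole-word hit
    ("GET", "/api/v1/validate/code", '{"code": "import os"}'),         # wrong method, out of scope
    ("POST", "/api/v1/flows", '{"code": "print(1)"}'),                  # different endpoint
]


def evaluate(requests=SAMPLE_REQUESTS) -> list[tuple[int, bool, list[str]]]:
    """Run the rule over a list of requests; returns (index, blocked, matched_tokens) per request."""
    return [(i, *should_block(m, p, b)) for i, (m, p, b) in enumerate(requests)]


if __name__ == "__main__":
    for idx, blocked, hits in evaluate():
        print(f"request {idx}: {'BLOCK' if blocked else 'allow'} {hits}")
```

Only the second sample is blocked; the benign function, the "importance" identifier, the GET request and the request to a different endpoint all pass, which is the behaviour to confirm before deploying such a rule in front of an exposed instance.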

Exploit · Fix · RCE · Missing Authentication · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-06683
CVE-2025-3248
GHSA-C995-4FW3-J39M
GHSA-RVQX-WPFH-MFX7
PYSEC-2025-36

Affected Products

Langflow