PT-2025-15232 · Langflow · Langflow

Naveen Sunkavally

·

Published

2025-04-07

·

Updated

2026-01-10

·

CVE-2025-3248

CVSS v2.0: 10.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Langflow versions prior to 1.3.0
Description
Langflow is vulnerable to unauthenticated remote code execution (RCE), tracked as CVE-2025-3248, because the /api/v1/validate/code endpoint performed no authentication check. The endpoint accepts Python source for "validation" and evaluates it server-side, so an unauthenticated attacker who can reach it over the network can run arbitrary code with the privileges of the Langflow process. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical); the v2.0 score above is 10.0. Exploitation requires only a crafted HTTP POST request to the endpoint; proof-of-concept exploits are publicly available, and CISA has added the CVE to its Known Exploited Vulnerabilities (KEV) catalog. The Flodrix botnet has been observed exploiting it to deploy its malware, which is used for DDoS attacks and data theft. Approximately 466 Langflow servers were observed exposed to the Internet at the time of writing.
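The following is an added example and not Langflow's code: a simplified stand-in for the kind of server-side check behind a "validate code" endpoint, showing why compiling or executing submitted Python source is code injection even when only function definitions are executed. The function names (validate_code_unsafe, validate_code_safe), the probe payloads and the returned JSON shape are this example's own assumptions. The parse-only variant is added hardening for illustration; the vendor fix this advisory points to is the authentication check in 1.3.0.

```python
"""Why an unauthenticated "validate code" endpoint is remote code execution.

Added example, not Langflow's code. Names, payloads and response shape are
assumptions made for this illustration.
"""
import ast
import os


def validate_code_unsafe(code: str) -> dict:
    """Parse the submitted source, then exec each top-level function def.

    Executing only FunctionDef nodes looks harmless because the function
    body never runs. But Python evaluates decorator expressions and
    default-argument expressions at definition time, so anything placed
    there runs immediately, with the privileges of the server process.
    Exceptions are collected and returned to the caller, which also gives
    an attacker a channel to read results back.
    """
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return {"function": {"errors": [f"syntax: {exc.msg}"]}}

    errors = []
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            module = ast.Module(body=[node], type_ignores=[])
            try:
                # Fresh globals do not help: exec() injects __builtins__,
                # so __import__ is always reachable from the payload.
                exec(compile(module, "<string>", "exec"), {})
            except Exception as exc:  # noqa: BLE001 - reported to caller
                errors.append(str(exc))
    return {"function": {"errors": errors}}


def validate_code_safe(code: str) -> dict:
    """Syntax check only. ast.parse builds a tree and evaluates nothing."""
    try:
        ast.parse(code)
    except SyntaxError as exc:
        return {"function": {"errors": [f"syntax: {exc.msg}"]}}
    return {"function": {"errors": []}}


# Constructed probe payloads (assumptions for this example). Both run
# __import__('os').name during *definition* and smuggle the value back
# through the error message; a real attacker would run a shell command.
DEFAULT_ARG_PAYLOAD = (
    "def probe(x=exec(\"raise Exception(__import__('os').name)\")):\n"
    "    pass\n"
)
DECORATOR_PAYLOAD = (
    "@exec(\"raise Exception(__import__('os').name)\")\n"
    "def probe():\n"
    "    pass\n"
)


def probe_runs(validator, payload: str) -> bool:
    """True if the validator executed the probe (its result came back)."""
    return os.name in validator(payload)["function"]["errors"]


if __name__ == "__main__":
    for name, payload in [("default arg", DEFAULT_ARG_PAYLOAD),
                          ("decorator", DECORATOR_PAYLOAD)]:
        print(f"{name:12s} unsafe executed probe: "
              f"{probe_runs(validate_code_unsafe, payload)}")
        print(f"{name:12s} safe   executed probe: "
              f"{probe_runs(validate_code_safe, payload)}")
```

Both payloads make the unsafe validator report the server's os.name in its error list, which is the same round trip a real exploit uses to read command output; the parse-only variant returns no errors because nothing was evaluated. Even with the endpoint behind authentication, any validator that calls exec on user input is one credential away from the same outcome.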
Recommendations
Update Langflow to version 1.3.0 or later, which adds the missing authentication check. Until the update is applied, restrict network access to the Langflow API (at minimum to /api/v1/validate/code) to trusted hosts, for example with a firewall rule or a reverse-proxy allowlist, and review access logs for POST requests to that endpoint from untrusted sources, since exposed instances are under active exploitation.
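A small log triage script for the monitoring part of the recommendation above, added here as an example and not part of the advisory. The log lines are constructed in Combined Log Format, as a reverse proxy in front of Langflow would write them (Langflow's own uvicorn log format differs), and the trusted network list is an assumption for this example.

```python
"""Hunt for requests to /api/v1/validate/code in reverse-proxy access logs.

Added example, not part of the advisory. Sample log lines are constructed;
the trusted network list is an assumption.
"""
import ipaddress
import re
from collections import Counter

VULN_PATH = "/api/v1/validate/code"

# Constructed sample: two external probes, one internal use, one unrelated
# request. IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [05/May/2025:10:14:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 98 "-" "python-requests/2.31.0"
10.0.0.5 - - [05/May/2025:10:15:40 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 55 "-" "Mozilla/5.0"
198.51.100.23 - - [05/May/2025:10:16:01 +0000] "GET /api/v1/flows HTTP/1.1" 401 12 "-" "curl/8.5.0"
203.0.113.7 - - [05/May/2025:10:16:09 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 500 131 "-" "python-requests/2.31.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Return the fields we need, or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec.pop("target").split("?", 1)[0]  # drop any query string
    return rec


def find_hits(log_text: str, trusted_networks):
    """Every POST to the vulnerable endpoint, tagged external or internal."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["path"] != VULN_PATH:
            continue
        try:
            addr = ipaddress.ip_address(rec["ip"])
            rec["external"] = not any(addr in n for n in nets)
        except ValueError:
            rec["external"] = True  # unparsable source: treat as untrusted
        hits.append(rec)
    return hits


def external_sources(hits) -> Counter:
    """Requests per untrusted source IP: the triage queue."""
    return Counter(h["ip"] for h in hits if h["external"])


if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG, ["10.0.0.0/8"])
    for h in hits:
        flag = "EXTERNAL" if h["external"] else "internal"
        print(f'{flag:8s} {h["ip"]:15s} {h["ts"]} status={h["status"]}')
    print("untrusted sources:", dict(external_sources(hits)))
```

Any POST to the endpoint from outside the trusted networks on a pre-1.3.0 instance should be treated as a probable compromise rather than a mere probe, since the request itself is the exploit; pair the log review with the update rather than relying on it alone.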

Exploit

Fix

RCE

Missing Authentication

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-06683
CVE-2025-3248
GHSA-C995-4FW3-J39M
GHSA-RVQX-WPFH-MFX7
PYSEC-2025-36

Affected Products

Langflow