PT-2025-15232 · Langflow · Langflow

Naveen Sunkavally

·

Published

2025-04-07

·

Updated

2026-06-12

·

CVE-2025-3248

CVSS v3.1

10

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Langflow versions prior to 1.3.0

Description

Langflow is susceptible to code injection because a critical function is exposed without authentication. A remote, unauthenticated attacker can send crafted HTTP POST requests to the '/api/v1/validate/code' endpoint and execute arbitrary code on the server, potentially leading to full server takeover. The endpoint accepts a 'code' parameter carrying Python source; the server runs that source through exec(), and the executed code can in turn launch operating-system commands, for example via subprocess.check_output().

Real-world exploitation has been observed. The Flodrix botnet uses Python-based malware to conduct DDoS attacks and steal data from compromised systems; its operators have relied on public exploits and reconnaissance services such as Shodan to locate Internet-exposed Langflow instances. To evade detection, the malware employs string obfuscation and deletes itself after execution.
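The pattern the description refers to, a "validate code" endpoint that runs the submitted Python through exec() and requires no credentials, shown beside a hardened version that only parses the source and authenticates the caller first. This is an added illustration written for this page, not Langflow's code: the function names, the bearer-token scheme (API_TOKEN) and the DEMO_PWNED environment-variable side effect are constructed for the demo so the difference between "parsed" and "executed" is observable without touching the host.

```python
import ast
import os
import secrets

# Constructed bearer token standing in for whatever credential the real
# service issues (an assumption for this demo, not a Langflow API key).
API_TOKEN = secrets.token_hex(16)

# Constructed request body: a plausible helper function with a side effect
# smuggled in front of it. The side effect is a harmless environment
# variable, so the demo shows whether the code ran without doing any damage.
MALICIOUS_CODE = (
    "import os\n"
    "os.environ['DEMO_PWNED'] = '1'\n"
    "def helper(x):\n"
    "    return x * 2\n"
)


def validate_code_unsafe(code: str) -> dict:
    """Validator that 'checks' code by running it: the vulnerable pattern.

    Whatever the caller submits executes with the service's privileges, so an
    unauthenticated caller gets arbitrary code execution on the server.
    """
    namespace: dict = {}
    try:
        exec(compile(code, "<submitted>", "exec"), namespace)  # runs caller's code
    except Exception as exc:  # syntax and runtime errors both surface here
        return {"valid": False, "error": repr(exc)}
    funcs = [n for n, v in namespace.items() if callable(v) and not n.startswith("__")]
    return {"valid": True, "functions": funcs}


def validate_code_safe(code: str) -> dict:
    """Syntax-only validator: parse the source into an AST, never execute it."""
    try:
        tree = ast.parse(code, "<submitted>")
    except SyntaxError as exc:
        return {"valid": False, "error": f"line {exc.lineno}: {exc.msg}"}
    funcs = [n.name for n in tree.body
             if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
    imports = [a.name for n in tree.body if isinstance(n, ast.Import) for a in n.names]
    imports += [n.module or "" for n in tree.body if isinstance(n, ast.ImportFrom)]
    return {"valid": True, "functions": funcs, "imports": imports}


def handle_validate_request(headers: dict, body: dict) -> tuple[int, dict]:
    """Hardened endpoint: authenticate first, then validate without exec."""
    presented = headers.get("Authorization", "")
    if not secrets.compare_digest(presented, f"Bearer {API_TOKEN}"):
        return 401, {"detail": "authentication required"}
    code = body.get("code")
    if not isinstance(code, str):
        return 422, {"detail": "'code' must be a string"}
    return 200, validate_code_safe(code)


def demo() -> dict:
    """Run the payload through all three paths; report whether the side effect fired."""
    os.environ.pop("DEMO_PWNED", None)
    safe = validate_code_safe(MALICIOUS_CODE)
    fired_after_safe = "DEMO_PWNED" in os.environ
    unauth_status, _ = handle_validate_request({}, {"code": MALICIOUS_CODE})
    auth_status, auth_body = handle_validate_request(
        {"Authorization": f"Bearer {API_TOKEN}"}, {"code": MALICIOUS_CODE})
    fired_after_endpoint = "DEMO_PWNED" in os.environ
    unsafe = validate_code_unsafe(MALICIOUS_CODE)
    fired_after_unsafe = os.environ.pop("DEMO_PWNED", None) == "1"
    return {
        "safe": safe, "fired_after_safe": fired_after_safe,
        "unauth_status": unauth_status, "auth_status": auth_status,
        "auth_body": auth_body, "fired_after_endpoint": fired_after_endpoint,
        "unsafe": unsafe, "fired_after_unsafe": fired_after_unsafe,
        "syntax_error": validate_code_safe("def broken(:\n"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both validators report the payload as "valid" and find the same helper function, but only the exec()-based one leaves DEMO_PWNED behind. The hardened endpoint also rejects the unauthenticated request outright, which is the missing check the advisory points at.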
Recommendations

Update to version 1.3.0 or newer. Restrict network access to the API so that it is not reachable from the Internet. As a stopgap, block POST requests to the '/api/v1/validate/code' endpoint that carry a 'Content-Type: application/json' header and contain Python keywords or identifiers such as exec, Exception, import, print, or system in the request body; such keyword matching is a temporary measure and not a substitute for upgrading.
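The stopgap request filter from the recommendations, written out as an added example rather than a rule taken from Langflow or any vendor: a small raw-HTTP request parser, the match on method, path, Content-Type and the listed tokens, and a set of constructed sample requests (hostname, bodies and helper names are made up for the demo) that show both a hit and the rule's blind spots.

```python
import json

BLOCKED_PATH = "/api/v1/validate/code"
# Tokens named in the recommendation. They are matched as plain substrings,
# the way a simple content rule would; see the usage note for what that costs.
SUSPICIOUS_TOKENS = ("exec", "Exception", "import", "print", "system")


def parse_http_request(raw: str) -> dict:
    """Minimal parser for a raw HTTP/1.1 request: request line, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": target.split("?", 1)[0],
            "headers": headers, "body": body}


def matched_tokens(body: str) -> list[str]:
    """Which of the listed tokens appear anywhere in the body."""
    return [t for t in SUSPICIOUS_TOKENS if t in body]


def should_block(raw: str) -> tuple[bool, str]:
    """Apply the advisory's rule: POST + path + JSON content type + a token hit."""
    req = parse_http_request(raw)
    if req["method"] != "POST" or req["path"] != BLOCKED_PATH:
        return False, "not a POST to the validate endpoint"
    ctype = req["headers"].get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        return False, "content-type is not application/json"
    hits = matched_tokens(req["body"])
    if hits:
        return True, "suspicious tokens: " + ", ".join(hits)
    return False, "no suspicious tokens"


def _request(method: str, path: str, ctype: str, body: str) -> str:
    """Build a constructed raw request for the samples below."""
    return (f"{method} {path} HTTP/1.1\r\nHost: langflow.internal\r\n"
            f"Content-Type: {ctype}\r\nContent-Length: {len(body)}\r\n\r\n{body}")


# Constructed samples (not captured traffic).
SAMPLES = {
    "exploit_like": _request("POST", BLOCKED_PATH, "application/json",
        json.dumps({"code": "import os\ndef f():\n    return os.getcwd()"})),
    "benign_validate": _request("POST", BLOCKED_PATH, "application/json",
        json.dumps({"code": "def add(a, b):\n    return a + b"})),
    "benign_with_print": _request("POST", BLOCKED_PATH, "application/json",
        json.dumps({"code": "def show(x):\n    print(x)"})),
    "other_endpoint": _request("POST", "/api/v1/flows", "application/json",
        json.dumps({"name": "import-test"})),
    "wrong_content_type": _request("POST", BLOCKED_PATH, "text/plain",
        "import os"),
}


def triage(samples: dict) -> dict:
    """Run the rule over every sample; returns name -> (blocked, reason)."""
    return {name: should_block(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (blocked, reason) in triage(SAMPLES).items():
        print(f"{'BLOCK' if blocked else 'allow':5} {name}: {reason}")
```

Two of the samples show why this is a stopgap only. The benign request whose code merely calls print() is blocked, so legitimate validation traffic will see false positives, and the request sent with a non-JSON content type is allowed through because the rule, as written, keys on 'application/json'. Network restriction and the upgrade to 1.3.0 are the controls that actually close the hole.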

Exploit

Fix

RCE

Missing Authentication

Code Injection

Related Identifiers

BDU:2025-06683
CVE-2025-3248
GHSA-C995-4FW3-J39M
GHSA-RVQX-WPFH-MFX7
PYSEC-2025-36

Affected Products

Langflow