Emergency Security Bulletin: Langflow Missing Authentication Vulnerability

VULNERABILITIES:

Langflow Missing Authentication Vulnerability

CVSS Score: 9.8 (Critical)
Identifier: CVE-2025-3248
Exploit or Proof of Concept (PoC): Yes – https://github.com/Praison001/CVE-2025-3248
Update: CVE-2025-3248 – Langflow Security Advisory

Description:  CVE-2025-3248 is a critical remote code execution vulnerability in Langflow, an open-source platform for building AI-driven agents and workflows. The flaw arises from the absence of proper authentication in the /api/v1/validate/code endpoint, which improperly invokes Python's built-in exec() function on user-supplied code without adequate validation or sandboxing. This allows unauthenticated attackers to execute arbitrary commands on the server by sending crafted HTTP requests. The vulnerability affects all Langflow versions prior to 1.3.0.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-3248 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Security researchers have observed exploit attempts originating from TOR exit nodes, with attackers attempting to retrieve sensitive files such as /etc/passwd. Proof-of-concept exploits have been publicly released, and the vulnerability is considered easily exploitable.

Mitigation Recommendation: Administrators are strongly advised to update Langflow to version 1.3.0 or later, which addresses this vulnerability by requiring authentication for the affected endpoint. If immediate patching is not feasible, it is recommended to restrict access to the /api/v1/validate/code endpoint via firewall rules to trusted IP addresses and monitor systems for any unusual activity.

Note: Given the critical severity of this vulnerability and its active exploitation in the wild, prompt action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.