CISA has added a critical Langflow vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The flaw, tracked as CVE-2025-3248, allows unauthenticated remote attackers to execute arbitrary code on vulnerable servers running the popular open-source AI workflow platform.

“Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests,” CISA stated in its advisory.

Security firm Horizon3.ai, which discovered and reported the vulnerability in February 2025, described it as “easily exploitable” and warned that it gives unauthenticated attackers complete control of vulnerable Langflow servers. Security researcher VeryLazyTech published a more detailed exploit on April 17, demonstrating how attackers can execute remote commands on vulnerable Langflow instances.

According to security researchers, the flaw exists in the /api/v1/validate/code endpoint, which passes user-supplied code to Python’s built-in exec() function without adequate authentication or sandboxing. Because the endpoint executes the submitted code rather than merely checking it, any code an unauthenticated client sends runs with the privileges of the Langflow process.

Censys, an attack surface management platform, has identified approximately 466 internet-exposed Langflow instances globally, most of them in the United States, Germany, Singapore, India, and China.

Organizations running affected versions should immediately upgrade to Langflow 1.3.0 or later. Where an upgrade cannot be applied right away, access to the vulnerable endpoint should be restricted at the network level as an interim measure, keeping in mind that this only helps if the restriction is enforced in front of every path by which the API is reachable. Per CISA’s KEV requirements, organizations should apply vendor-provided mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
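To make the vulnerable pattern concrete, the following is an added illustration written for this article; it is not Langflow’s code and does not reproduce the exploit. It contrasts a “validation” handler that executes submitted code with exec() against one that only parses and compiles it and additionally requires an API key before touching the request body. The API key, the header name x-api-key, the handler names and the sample submission are all constructed for the example.

```python
"""Illustrative 'validate code' endpoint: an unsafe exec() pattern next to a
syntax-only check behind authentication. Example code, not Langflow's own."""
import ast
import hmac
from typing import Any

# Hypothetical API key; a real service would load this from configuration.
API_KEY = "example-key-do-not-use"

# Constructed sample submission: syntactically valid code with a module-level
# side effect (it reads the server's PID when executed).
SAMPLE_CODE = """
import os
def handler():
    return "hello"
MARKER = os.getpid()
"""


def validate_code_unsafe(code: str) -> dict:
    """Vulnerable pattern: 'validates' user code by executing it.
    Every module-level statement in `code` runs inside the server process."""
    scope: dict[str, Any] = {}
    exec(code, scope)  # deliberately unsafe, shown only for contrast
    return {"ok": True, "marker": scope.get("MARKER")}


def validate_code_safe(code: str) -> dict:
    """Syntax-only validation: parse and compile, never execute.
    Reports imports and top-level function names so a caller can apply policy
    (for example, an import allow-list) without running anything."""
    try:
        tree = ast.parse(code, filename="<user-code>")
        compile(tree, "<user-code>", "exec")
    except SyntaxError as exc:
        return {"ok": False, "error": f"line {exc.lineno}: {exc.msg}"}
    imports: list[str] = []
    functions: list[str] = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imports.extend(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            imports.append(node.module or "")
        elif isinstance(node, ast.FunctionDef):
            functions.append(node.name)
    return {"ok": True, "imports": sorted(set(imports)), "functions": functions}


def handle_validate(headers: dict, body: str, api_key: str = API_KEY) -> tuple:
    """Hardened handler: reject unauthenticated callers before looking at the
    body, then run only the non-executing validator. Returns (status, json)."""
    token = headers.get("x-api-key", "")
    if not hmac.compare_digest(token, api_key):
        return 401, {"detail": "unauthorized"}
    return 200, validate_code_safe(body)


if __name__ == "__main__":
    # The unsafe path yields a real PID, proving the submitted code ran.
    print(validate_code_unsafe(SAMPLE_CODE))
    # The hardened path refuses the request without a key...
    print(handle_validate({}, SAMPLE_CODE))
    # ...and with a key reports structure without executing anything.
    print(handle_validate({"x-api-key": API_KEY}, SAMPLE_CODE))
```

The point of the contrast is that validate_code_unsafe returns a live process ID taken from the server, which only happens because the submission executed, while validate_code_safe answers the same question (is this valid Python, what does it import and define) from the AST alone. Authentication is checked with hmac.compare_digest before the body is parsed, so an unauthenticated client never reaches either validator.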
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 06 May 2025 10:25:08 +0000