Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.
PoC: langflow-rce-exploit
Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ]
PoC: CVE-2025-3248-Langflow-RCE
CVE-2025-3248 Langflow RCE Exploit
PoC: cve-2025-3248-exploit
A comprehensive Python exploitation framework for testing and demonstrating CVE-2025-3248, a critical unauthenticated remote code execution vulnerability in Langflow versions ≤ 1.3.0.
PoC: Mass-CVE-2025-3248
Mass-CVE-2025-3248
PoC: CVE-2025-3248-Scanner
Powerful unauthenticated RCE scanner for CVE-2025-3248 affecting Langflow < 1.3.0
PoC: CVE-2025-3248
Scanner and exploit for CVE-2025-3248
PoC: CVE-2025-3248-langflow-RCE
CVE-2025-3248 Langflow pre-authentication remote code execution vulnerability PoC
PoC: langflow-cve-2025-3248
Langflow at pre-CVE-2025-3248 fix commit for variant analysis benchmarking
PoC: cve-2025-3248
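When Langflow performs AST parsing and compilation on user-submitted "validation code", it calls Python's compile()/exec() without authentication or sandbox restrictions (and function default arguments and decorators are evaluated during the compilation stage). An attacker can place a malicious payload in a parameter default value or a decorator and thereby execute arbitrary statements in the server context (reverse shell, downloader, lateral movement, etc.)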
PoC: CVE-2025-3248
PoC for achieving RCE in Langflow versions <1.3.0
PoC: CVE-2025-3248
Langflow Remote Code Execution
PoC: CVE-2025-3248
CVE-2025-3248
PoC: Langflow-CVE-2025-3248-Multi-target
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
PoC: CVE-2025-3248
CVE-2025-3248
PoC: Blackash-CVE-2025-3248
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
PoC: CVE-2025-3248
CVE-2025-3248 — Langflow RCE Exploit
PoC: CVE-2025-3248
Exploit for Langflow AI Remote Code Execution (Unauthenticated)
PoC: RCE-CVE-2025-3248
This Python script exploits CVE-2025-3248 to execute arbitrary commands or spawn a reverse shell on a vulnerable system. Authentication is required to use this exploit.
PoC: CVE-2025-3248
Perform Remote Code Execution using vulnerable API endpoint.
PoC: CVE-2025-3248
CVE-2025-3248: A critical flaw has been discovered in Langflow that allows malicious actors to execute arbitrary Python code on the target system. This can lead to full remote code execution without authentication, potentially giving attackers control over the server.
PoC: CVE-2025-3248-POC
POC of CVE-2025-3248, RCE of LangFlow
PoC: CVE-2025-3248
A vulnerability scanner for CVE-2025-3248 in Langflow applications.