CVE-2025-3248 · CISA KEV: Actively Exploited

Langflow Missing Authentication Vulnerability

Published May 5, 2025 · Updated May 5, 2025

Description

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.

Public Exploits & PoCs (22 found)

PoC: langflow-rce-exploit

Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ]

PoC: CVE-2025-3248-Langflow-RCE

CVE-2025-3248 Langflow RCE Exploit

PoC: cve-2025-3248-exploit

A comprehensive Python exploitation framework for testing and demonstrating CVE-2025-3248, a critical unauthenticated remote code execution vulnerability in Langflow versions ≤ 1.3.0.

PoC: Mass-CVE-2025-3248

Mass-CVE-2025-3248

PoC: CVE-2025-3248-Scanner

Powerful unauthenticated RCE scanner for CVE-2025-3248 affecting Langflow < 1.3.0

PoC: CVE-2025-3248

Scanner and exploit for CVE-2025-3248

PoC: CVE-2025-3248-langflow-RCE

CVE-2025-3248 Langflow pre-authentication remote code execution vulnerability PoC

PoC: langflow-cve-2025-3248

Langflow at pre-CVE-2025-3248 fix commit for variant analysis benchmarking

PoC: cve-2025-3248

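When Langflow performs AST parsing and compilation on user-submitted "validation code", it calls Python's compile()/exec() without authentication or sandbox restrictions (and function default arguments and decorators are evaluated during the compilation stage). An attacker can place a malicious payload in a parameter default value or a decorator and thereby execute arbitrary statements in the server's context (reverse shells, downloaders, lateral movement, etc.)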

PoC: CVE-2025-3248

PoC for achieving RCE in Langflow versions <1.3.0

PoC: CVE-2025-3248

Langflow Remote Code Execution

PoC: CVE-2025-3248

CVE-2025-3248

PoC: Langflow-CVE-2025-3248-Multi-target

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

PoC: CVE-2025-3248

CVE-2025-3248

PoC: Blackash-CVE-2025-3248

CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage

PoC: CVE-2025-3248

CVE-2025-3248 — Langflow RCE Exploit

PoC: CVE-2025-3248

Exploit for Langflow AI Remote Code Execution (Unauthenticated)

PoC: RCE-CVE-2025-3248

This Python script exploits CVE-2025-3248 to execute arbitrary commands or spawn a reverse shell on a vulnerable system. Authentication is required to use this exploit.

PoC: CVE-2025-3248

Perform Remote Code Execution using vulnerable API endpoint.

PoC: CVE-2025-3248

CVE-2025-3248: A critical flaw has been discovered in Langflow that allows malicious actors to execute arbitrary Python code on the target system. This can lead to full remote code execution without authentication, potentially giving attackers control over the server.

PoC: CVE-2025-3248-POC

POC of CVE-2025-3248, RCE of LangFlow

PoC: CVE-2025-3248

A vulnerability scanner for CVE-2025-3248 in Langflow applications.
