Vulnerability Database
296,760
Total vulnerabilities in the database
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
| Software | From | Fixed in |
|---|---|---|
langflow
|
- | 1.3.0 |
| langflow / langflow | - | 1.3.0 |
|
langflow-base
|
- | 0.3.0 |
- https://github.com/langflow-ai/langflow/commit/faac4db133de32fcb6d483fa9ff52f40ce42bdc0
- https://github.com/langflow-ai/langflow/pull/6911
- https://github.com/langflow-ai/langflow/releases/tag/1.3.0
- https://github.com/langflow-ai/langflow/security/advisories/GHSA-rvqx-wpfh-mfx7
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248
- https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai
- https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime