CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Published: Jun 17, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-3248
GHSA: GHSA-c995-4fw3-j39m
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94
CWE-306

Affected Software
References

Software	From	Fixed in
langflow	-	1.3.0
langflow / langflow	-	1.3.0
langflow-base	-	0.3.0

https://github.com/langflow-ai/langflow/commit/faac4db133de32fcb6d483fa9ff52f40ce42bdc0
https://github.com/langflow-ai/langflow/pull/6911
https://github.com/langflow-ai/langflow/releases/tag/1.3.0
https://github.com/langflow-ai/langflow/security/advisories/GHSA-rvqx-wpfh-mfx7
https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai
https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/

Vulnerability Database

CVE-2025-3248