Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command `langflow superuser` to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

| Software | From | Fixed in |
|---|---|---|
| langflow | - | 1.5.0.x |
| langflow-base | - | 1.5.0.x |
| langflow / langflow | - | 1.5.0 |
| langflow / langflow | 1.5.0-dev0 | 1.5.0-dev0.x |
| langflow / langflow | 1.5.0-dev1 | 1.5.0-dev1.x |
| langflow / langflow | 1.5.0-dev10 | 1.5.0-dev10.x |
| langflow / langflow | 1.5.0-dev11 | 1.5.0-dev11.x |
| langflow / langflow | 1.5.0-dev12 | 1.5.0-dev12.x |
| langflow / langflow | 1.5.0-dev13 | 1.5.0-dev13.x |
| langflow / langflow | 1.5.0-dev14 | 1.5.0-dev14.x |
| langflow / langflow | 1.5.0-dev15 | 1.5.0-dev15.x |
| langflow / langflow | 1.5.0-dev16 | 1.5.0-dev16.x |
| langflow / langflow | 1.5.0-dev17 | 1.5.0-dev17.x |
| langflow / langflow | 1.5.0-dev18 | 1.5.0-dev18.x |
| langflow / langflow | 1.5.0-dev19 | 1.5.0-dev19.x |
| langflow / langflow | 1.5.0-dev2 | 1.5.0-dev2.x |
| langflow / langflow | 1.5.0-dev20 | 1.5.0-dev20.x |
| langflow / langflow | 1.5.0-dev21 | 1.5.0-dev21.x |
| langflow / langflow | 1.5.0-dev22 | 1.5.0-dev22.x |
| langflow / langflow | 1.5.0-dev23 | 1.5.0-dev23.x |
| langflow / langflow | 1.5.0-dev24 | 1.5.0-dev24.x |
| langflow / langflow | 1.5.0-dev25 | 1.5.0-dev25.x |
| langflow / langflow | 1.5.0-dev26 | 1.5.0-dev26.x |
| langflow / langflow | 1.5.0-dev27 | 1.5.0-dev27.x |
| langflow / langflow | 1.5.0-dev28 | 1.5.0-dev28.x |
| langflow / langflow | 1.5.0-dev29 | 1.5.0-dev29.x |
| langflow / langflow | 1.5.0-dev3 | 1.5.0-dev3.x |
| langflow / langflow | 1.5.0-dev30 | 1.5.0-dev30.x |
| langflow / langflow | 1.5.0-dev31 | 1.5.0-dev31.x |
| langflow / langflow | 1.5.0-dev4 | 1.5.0-dev4.x |
| langflow / langflow | 1.5.0-dev5 | 1.5.0-dev5.x |
| langflow / langflow | 1.5.0-dev6 | 1.5.0-dev6.x |
| langflow / langflow | 1.5.0-dev7 | 1.5.0-dev7.x |
| langflow / langflow | 1.5.0-dev8 | 1.5.0-dev8.x |
| langflow / langflow | 1.5.0-dev9 | 1.5.0-dev9.x |