Cyber Web Spider Blog – News
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence

Posted on May 6, 2025 (updated May 8, 2025) by CWS

Could 06, 2025Ravie LakshmananCybersecurity / Vulnerability
A just lately disclosed crucial safety flaw impacting the open-source Langflow platform has been added to the Recognized Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Safety Company (CISA), citing proof of lively exploitation.
The vulnerability, tracked as CVE-2025-3248, carries a CVSS rating of 9.8 out of a most of 10.0.
“Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests,” CISA said.

Specifically, the endpoint has been found to improperly invoke Python's built-in exec() function on user-supplied code without adequate authentication or sandboxing, thereby allowing attackers to execute arbitrary commands on the server.
The shortcoming, which impacts most versions of the popular tool, has been addressed in version 1.3.0, released on March 31, 2025. Horizon3.ai has been credited with discovering and reporting the flaw in February.
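As an added defender-side example that is not part of the article or of the Langflow project: a small Python log-triage routine that flags requests to the /api/v1/validate/code endpoint named by CISA. The access-log lines, IP addresses and timestamps below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Combined Log Format); not from any real server.
SAMPLE_LOG = """\
203.0.113.10 - - [06/May/2025:10:01:12 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [06/May/2025:10:01:15 +0000] "GET /api/v1/flows/ HTTP/1.1" 401 0 "-" "Mozilla/5.0"
203.0.113.10 - - [06/May/2025:10:01:20 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 480 "-" "python-requests/2.31"
192.0.2.55 - - [06/May/2025:10:02:01 +0000] "POST /api/v1/validate/code HTTP/1.1" 403 0 "-" "curl/8.4.0"
"""

# Minimal Combined Log Format parser: source IP, timestamp, method, path, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# The endpoint CISA names in its KEV entry for CVE-2025-3248.
VULN_PATH = "/api/v1/validate/code"


def flag_validate_code_requests(log_text):
    """Return (ip, timestamp, status) for every request to the code-validation endpoint.

    Any hit is worth a look on an unpatched (< 1.3.0) instance; a 2xx response is the
    strongest signal, because the fixed release requires authentication on this route.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        if m.group("path").split("?")[0] == VULN_PATH:
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status"))))
    return hits


def successful_hits_by_source(hits):
    """Count 2xx responses per source IP; these are the requests that reached exec()."""
    return Counter(ip for ip, _, status in hits if 200 <= status < 300)


if __name__ == "__main__":
    found = flag_validate_code_requests(SAMPLE_LOG)
    for ip, ts, status in found:
        print(f"{ts} {ip} -> {VULN_PATH} ({status})")
    print("successful hits per source:", dict(successful_hits_by_source(found)))
```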

According to the company, the vulnerability is “easily exploitable” and allows unauthenticated remote attackers to take control of Langflow servers. A proof-of-concept (PoC) exploit has since been made publicly available as of April 9, 2025, by other researchers.

Data from attack surface management platform Censys shows that there are 466 internet-exposed Langflow instances, with a majority of them concentrated in the United States, Germany, Singapore, India, and China.
It's currently not known how the vulnerability is being abused in real-world attacks, by whom, and for what purpose, although the SANS Technology Institute said it recorded exploit attempts targeting the flaw against its honeypots. Federal Civilian Executive Branch (FCEB) agencies have until May 26, 2025, to apply the fixes.
“CVE-2025-3248 highlights the risks of executing dynamic code without secure authentication and sandboxing measures,” Zscaler noted last month. “This vulnerability serves as a critical reminder for organizations to approach code-validation features with caution, particularly in applications exposed to the internet.”
Update
Attack surface management platform Censys said it has observed 1,156 exposed Langflow servers online, nearly half of which are located in the United States. Of these, 360 servers appear to be running a vulnerable version. As many as 509 servers did not advertise a version.

Source: The Hacker News