CVSS Base Score: 9.8 CRITICAL
The vulnerability, tracked as CVE-2025-3248, is a critical unauthenticated remote code execution (RCE) flaw in Langflow, a popular framework for building AI workflows. It affects versions prior to 1.3.0 and allows any attacker on the internet to take full control of a vulnerable Langflow server by abusing the /api/v1/validate/code API endpoint: a remote, unauthenticated attacker can send crafted HTTP requests to that endpoint and execute arbitrary code.
Langflow is an open-source, Python-based application that lets users create AI agents (e.g., chatbot assistants) and workflows without writing any code; instead, they drag, drop and chain LLM components and supply the necessary inputs.
The tool, which has nearly 60k stars and 6.3k forks on GitHub, is used by AI developers, researchers and startups for prototyping chatbots, data pipelines, agent systems and AI applications.
| Vulnerability Name | Date Added | Due Date | Required Action |
|---|---|---|---|
| Langflow Missing Authentication Vulnerability | 05/05/2025 | 05/26/2025 | |
Research from Horizon3 warns of the likelihood of exploitation of CVE-2025-3248, identifying at least 500 internet-exposed instances at the time of writing.
Note that CISA has indicated that there is evidence this vulnerability is being exploited in the wild.
Recommended Mitigation:
CVE-2025-3248 was fixed in version 1.3.0, released on April 1, 2025, so it's recommended to immediately upgrade to that version or later to mitigate the risks that arise from the flaw.
CISA has given federal agencies until May 26, 2025, to apply the security update or mitigations, or to stop using the software.
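Two checks a defender would want to run against the facts in this bulletin are a version comparison (is a given Langflow install older than the 1.3.0 fix?) and a scan of web-server access logs for requests to the /api/v1/validate/code endpoint named above. The script below is an added example written for this bulletin, not code from Langflow or from Integrity360; the combined-format log lines in it are constructed sample data, and the assumption that a pre-release tag such as 1.3.0rc1 sorts before the final 1.3.0 release follows semantic-versioning convention rather than anything stated on this page.

```python
import re
from collections import Counter

# From the bulletin: CVE-2025-3248 is fixed in Langflow 1.3.0; earlier versions are affected.
FIXED_VERSION = (1, 3, 0)
# Endpoint named in the bulletin as the one abused by unauthenticated attackers.
VULN_PATH = "/api/v1/validate/code"

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?P<pre>[A-Za-z0-9.+-]*)$")
# Combined log format (constructed sample lines below follow this shape).
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def is_vulnerable(version: str) -> bool:
    """True if the given Langflow version string is older than the 1.3.0 fix.

    Assumption (semver convention, not stated on the page): a pre-release tag
    on the fixed version (e.g. '1.3.0rc1') is treated as older than 1.3.0.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    numeric = tuple(int(x) for x in m.groups()[:3])
    if numeric < FIXED_VERSION:
        return True
    # Same numeric version as the fix but carrying a pre-release suffix: conservative.
    return numeric == FIXED_VERSION and bool(m.group("pre"))


def find_validate_code_requests(log_lines):
    """Return one dict per request whose path (query string stripped) is VULN_PATH."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = m.group("path").split("?", 1)[0]
        if path == VULN_PATH:
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "method": m.group("method"),
                "status": int(m.group("status")),
            })
    return hits


def summarise_by_source(hits):
    """Count hits per source IP so a reviewer can see which clients touched the endpoint."""
    return Counter(h["ip"] for h in hits)


# Constructed sample access-log lines (not real traffic); RFC 5737 test addresses.
SAMPLE_LOG = [
    '198.51.100.23 - - [05/May/2025:10:14:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 187 "-" "python-requests/2.31"',
    '10.0.0.5 - - [05/May/2025:10:15:40 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [05/May/2025:10:16:01 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 200 190 "-" "curl/8.5.0"',
    '198.51.100.23 - - [05/May/2025:10:16:30 +0000] "POST /api/v1/validate/code HTTP/1.1" 500 64 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for v in ("1.2.0", "1.3.0rc1", "1.3.0", "1.4.1"):
        print(f"Langflow {v}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
    hits = find_validate_code_requests(SAMPLE_LOG)
    for h in hits:
        print(f"{h['time']} {h['ip']} {h['method']} {VULN_PATH} -> {h['status']}")
    print("requests per source:", dict(summarise_by_source(hits)))
```

The Langflow UI itself can legitimately call this endpoint, so a hit is a lead rather than a verdict: review the source address, user agent and request volume per client, and treat any traffic from outside your expected user population to a pre-1.3.0 instance as a priority for investigation and upgrade.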
If you are currently or have been vulnerable to this exploitation, please feel free to reach out to Integrity360 for more advice. We are monitoring the situation and will provide more updates as they arise.
Reference:
This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see:
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.