A critical security flaw affecting the open-source Langflow platform has recently been disclosed and added to the Known Exploited Vulnerabilities catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, known as CVE-2025-3248, has a CVSS score of 9.8 out of 10. According to CISA, the flaw allows remote, unauthenticated attackers to execute arbitrary code via crafted HTTP requests.
The vulnerability lies in Langflow's /api/v1/validate/code endpoint, which invokes Python’s exec() function on user-supplied code without requiring authentication or applying any sandboxing. This flaw enables attackers to execute arbitrary commands on the server. The issue has been addressed in version 1.3.0 of Langflow, released on March 31, 2025, after being discovered and reported by Horizon3.ai in February.
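For defenders reviewing an instance that ran a version older than 1.3.0, the following added example (not from the original article or from Langflow) scans web access logs for POST requests to the endpoint named above. It assumes a reverse proxy writing Combined Log Format; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Endpoint named in the advisory; Langflow 1.3.0 is the fixed release.
TARGET_PATH = "/api/v1/validate/code"

# Combined Log Format (assumed format of the proxy in front of Langflow).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalize_path(target):
    """Decode and canonicalize the path so equivalent spellings still match."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/{2,}", "/", path).rstrip("/").lower()

def find_validate_code_hits(lines):
    """Return {client_ip: [(timestamp, status), ...]} for POSTs to the endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) == TARGET_PATH:
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

def needs_review(hits):
    """Clients with at least one 2xx response: the request was handled, not rejected."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, status in reqs))

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2025:03:14:07 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 112',
    '198.51.100.7 - - [10/Apr/2025:03:14:09 +0000] "POST /api/v1//validate/code/?x=1 HTTP/1.1" 200 98',
    '203.0.113.20 - - [10/Apr/2025:04:00:00 +0000] "POST /api/v1/validate/code HTTP/1.1" 401 40',
    '192.0.2.5 - alice [10/Apr/2025:05:00:00 +0000] "GET /api/v1/flows HTTP/1.1" 200 2048',
    '192.0.2.9 - - [10/Apr/2025:06:00:00 +0000] "POST /api/v1/validate/c%6fde HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    hits = find_validate_code_hits(SAMPLE_LOG)
    for ip in needs_review(hits):
        print(ip, hits[ip])
```

Sources returned by `needs_review` are starting points for host-level investigation; a 2xx response alone does not show what, if anything, was executed.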
Horizon3.ai has described the vulnerability as easily exploitable, allowing unauthenticated remote attackers to take control of Langflow servers. A proof-of-concept exploit for this flaw has been made publicly available by other researchers as of April 9, 2025. Data from Censys shows that there are 466 internet-exposed Langflow instances, with a significant number located in the United States, Germany, Singapore, India, and China.
The potential impact of this vulnerability in real-world attacks, as well as the motives behind its exploitation, are currently unknown. Federal Civilian Executive Branch agencies have until May 26, 2025, to apply the necessary fixes. Zscaler has emphasized the importance of secure authentication and sandboxing measures in code validation features, especially for applications exposed to the internet. This incident serves as a critical reminder for organizations to approach code validation with caution.