

CVE-2025-3248

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

POC

Reference

- https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/

Github

- https://github.com/0-d3y/langflow-rce-exploit

- https://github.com/0ctf/vulhub

- https://github.com/0xgh057r3c0n/CVE-2025-3248

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/AmokNepal/langflow

- https://github.com/AngelPalominoF/Buho-IA

- https://github.com/AngelPalominoF/Martina-IA

- https://github.com/B1ack4sh/Blackash-CVE-2025-3248

- https://github.com/CloudGeometry/LangBuilder

- https://github.com/EQSTLab/CVE-2025-3248

- https://github.com/Health-Copilot-AI/langflow

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/J4c0b-1337x007/ethical-exploit-playground

- https://github.com/JeenAI-Team/Langflow-Jeen

- https://github.com/JeenAI-Team/Langflow-Ngnix

- https://github.com/JeenAI-Team/langflows_v2

- https://github.com/Lern0n/Lernon-POC

- https://github.com/MatDupas/Custom-Nmap-Scripts

- https://github.com/Pawan22104168/Langflow_UI

- https://github.com/Praison001/CVE-2025-3248

- https://github.com/PuddinCat/CVE-2025-3248-POC

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Rahu7p/MyLangflow

- https://github.com/Tetsuro-Copa/langflow

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/CVE

- https://github.com/Vip3rLi0n/CVE-2025-3248

- https://github.com/a1batr0ssG/VulhubExpand

- https://github.com/adolfcg/mixtli25

- https://github.com/aloewright/langflow

- https://github.com/arsharma2005/adding-button

- https://github.com/aryan-spanda/langflow-main

- https://github.com/autocode07/langflow-ai__langflow.087c1a25

- https://github.com/autocode07/langflow-ai__langflow.b093c1fa

- https://github.com/charlesin4g/langflow-main

- https://github.com/codevakure/lu-edit

- https://github.com/dennisec/Mass-CVE-2025-3248

- https://github.com/eeeeeeeeee-code/POC

- https://github.com/galgantar/langflow-cve

- https://github.com/ill-deed/Langflow-CVE-2025-3248-Multi-target

- https://github.com/imbas007/CVE-2025-3248

- https://github.com/issamjr/CVE-2025-3248-Scanner

- https://github.com/khulnasoft-lab/AiEXEC

- https://github.com/khulnasoft/aiexec

- https://github.com/langflow-ai/langflow

- https://github.com/min8282/CVE-2025-3248

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nvn1729/advisories

- https://github.com/oLy0/Vulnerability

- https://github.com/packetinside/CISA_BOT

- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/preemware/langflow-exploit

- https://github.com/r0otk3r/CVE-2025-3248

- https://github.com/seokjea/whs

- https://github.com/tanjiti/sec_profile

- https://github.com/tiemio/RCE-CVE-2025-3248

- https://github.com/ums91/CISA_BOT

- https://github.com/verylazytech/CVE-2025-3248

- https://github.com/vigilante-1337/CVE-2025-3248

- https://github.com/vulhub/vulhub

- https://github.com/waldirjunior/teste-context-langflow

- https://github.com/wand3rlust/CVE-2025-3248

- https://github.com/xuemian168/CVE-2025-3248

- https://github.com/ynsmroztas/CVE-2025-3248-Langflow-RCE

- https://github.com/zapstiko/CVE-2025-3248