Latest Langflow vulnerability #

A vulnerability has been discovered in Langflow, a popular framework for building AI workflows. This vulnerability, designated CVE-2025-3248 has a CVSS score of 9.8 (critical). Successfully exploiting this vulnerability would allow a remote, unauthenticated attacker to execute arbitrary code on the vulnerable system.

Note that CISA has indicated that there is evidence this vulnerability is being exploited in the wild.

What is the impact? #

Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code on the vulnerable system with the privileges of the Langflow process. This vulnerability is exploitable remotely and without authentication.

Are updates available? #

The Langflow project has released version 1.3.0 to address this vulnerability and urges all users to upgrade to that or a later version as quickly as possible.

How do I find potentially vulnerable Langflow installations with runZero? #

Vulnerable devices can be found by navigating to the Software Inventory and using the following query:

_asset.protocol:http AND product:Langflow AND (version:>0 AND version:<1.3.0)

Written by Tom Sellers

Tom Sellers is a Principal Research Engineer at runZero. In his 25 years in IT and Security he has built, broken, and defended networks for companies in the finance, service provider, and security software industries. He has built and operated Internet scale scanning and honeypot projects. He is credited on many patents for network deception techonology. A strong believer in Open Source he has contributed to projects such as Nmap, Metasploit, and Recog.

More about Tom Sellers

Written by Rob King

Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.

More about Rob King
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Discover the new era of exposure management!