CVE-2025-57760NVD

Vulnerability Summary

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

Severity Level

HIGH(8.8)

Published Date

Aug 25, 2025

Last Modified

Sep 3, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-269: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

http://github.com/langflow-ai/langflow/pull/9152
https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97
https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-57760NVD

Vulnerability Summary

External References