[Image: Log into UI as new superuser]
The Langflow project has issued an important security advisory regarding a newly discovered vulnerability that poses a severe risk to organizations deploying AI-powered workflows. Tracked as CVE-2025-57760 with a CVSS score of 8.8, the flaw enables authenticated attackers to escalate privileges to full superuser access, effectively taking over the entire Langflow instance.
According to the advisory, the vulnerability occurs because “an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account.”
At the core of the issue lies Langflow’s Docker image, which includes a CLI binary located at /app/.venv/bin/langflow. This binary exposes sensitive commands, most critically langflow superuser. The advisory notes: “This command allows creation of a new superuser without checking whether one already exists.” When combined with remote code execution (RCE) via the /api/v1/validate/code endpoint, even a low-privileged user could create a reverse shell and promote themselves to administrator. In other words, the CLI command is the escalation primitive rather than the entry point: the attacker must already hold a valid account and be able to run code inside the container, and the validate/code endpoint is what supplies that code execution.
The impact of this escalation is far-reaching. A successful exploit leads to “full compromise of the Langflow application”, including access to all user data, flows, stored credentials, and configurations. Attackers could extract API keys, leak environment variables from the Docker container, and even spin up new Langflow instances within the environment, potentially exhausting resources and degrading services.
Alarmingly, the advisory lists all Langflow versions prior to 1.5.1 as affected and, as of publication, names no patched version. This leaves organizations running Langflow particularly exposed if proper mitigations are not applied.
For now, administrators are strongly advised to restrict access to Langflow deployments, monitor for suspicious activity in Docker containers, and limit use of the vulnerable /api/v1/validate/code endpoint. Because the chain starts from an authenticated account, open self-registration should be disabled or new accounts should require administrator approval, and the set of superuser accounts should be audited for entries nobody created deliberately. In container monitoring, any invocation of the langflow superuser command after the initial deployment is a strong indicator that the chain has been used. Given the critical nature of the flaw, patching should be prioritized immediately once an update is released.
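The monitoring advice above can be turned into a concrete check. The following script is an added example written for this page, not code from the Langflow project or the advisory: it scans reverse-proxy access-log lines for POSTs to /api/v1/validate/code, scans container process-start events for the langflow superuser CLI command, and raises the verdict to "critical" when a superuser invocation follows a validate/code POST within a short window. The access-log lines and process events are constructed sample data; the "combined" log format, the process-event shape, and the --username/--password flags in the sample command line are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input: a reverse proxy's "combined"-format access log in
# front of Langflow. The addresses, times and user agents are invented.
ACCESS_LOG = """\
203.0.113.7 - - [20/Aug/2025:10:01:02 +0000] "POST /api/v1/login HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Aug/2025:10:01:40 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 58 "-" "python-requests/2.32"
203.0.113.7 - - [20/Aug/2025:10:01:41 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 58 "-" "python-requests/2.32"
198.51.100.9 - - [20/Aug/2025:10:02:10 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 9812 "-" "Mozilla/5.0"
""".splitlines()

# Constructed sample input: process-start events from the Langflow container as
# (ISO timestamp, container name, command line). The event source is assumed to
# be any runtime sensor that records command lines; the CLI flags are assumed.
PROCESS_EVENTS = [
    ("2025-08-20T10:01:41Z", "langflow", "/bin/sh -c id"),
    ("2025-08-20T10:01:55Z", "langflow",
     "/app/.venv/bin/langflow superuser --username admin2 --password hunter2"),
    ("2025-08-20T10:30:00Z", "langflow", "/app/.venv/bin/langflow run --host 0.0.0.0"),
]

# Parses the fields of a "combined"-format access-log line that matter here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
VALIDATE_CODE_PATH = "/api/v1/validate/code"
# Matches "langflow superuser" whether invoked by bare name or by full path.
SUPERUSER_CLI_RE = re.compile(r'(?:^|/|\s)langflow\s+superuser(?:\s|$)')


@dataclass(frozen=True)
class Finding:
    when: datetime
    source: str   # client IP for access-log hits, container name for process hits
    kind: str     # "validate_code_post" or "superuser_cli"
    detail: str


def scan_access_log(lines):
    """Flag every POST to the code-validation endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == VALIDATE_CODE_PATH:
            when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            findings.append(Finding(when, m["ip"], "validate_code_post",
                                    f"status={m['status']}"))
    return findings


def scan_process_events(events):
    """Flag every process whose command line runs the superuser CLI command."""
    findings = []
    for ts, container, cmdline in events:
        if SUPERUSER_CLI_RE.search(cmdline):
            when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
            findings.append(Finding(when, container, "superuser_cli", cmdline))
    return findings


def assess(findings, window=timedelta(minutes=15)):
    """'critical' if a superuser CLI run follows a validate/code POST within
    `window`; 'suspicious' if either indicator appears alone; else 'clean'."""
    posts = [f.when for f in findings if f.kind == "validate_code_post"]
    clis = [f for f in findings if f.kind == "superuser_cli"]
    for cli in clis:
        if any(timedelta(0) <= cli.when - p <= window for p in posts):
            return "critical"
    return "suspicious" if (posts or clis) else "clean"


if __name__ == "__main__":
    found = scan_access_log(ACCESS_LOG) + scan_process_events(PROCESS_EVENTS)
    for f in sorted(found, key=lambda f: f.when):
        print(f"{f.when.isoformat()} {f.kind:20} {f.source:14} {f.detail}")
    print("verdict:", assess(found))
```

On the constructed input the two validate/code POSTs from 203.0.113.7 are followed fourteen seconds later by the superuser CLI run inside the container, so the verdict is "critical". A validate/code POST on its own only yields "suspicious", since the endpoint is also used legitimately; the correlation with the CLI invocation is what distinguishes the escalation chain from normal use.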