Ddos 
Image: Horizon3.ai
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-3248 to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. This high-severity flaw, with a CVSS score of 9.8, affects Langflow, a popular Python-based platform used to visually build AI agents and workflows.
Security researcher Naveen Sunkavally at Horizon3.ai discovered this easily exploitable flaw. Langflow, a Python-based web application renowned for its visual interface for building AI-driven agents and workflows, suffers from a critical missing authentication vulnerability.
The core issue resides in an unauthenticated API endpoint (/api/v1/validate/code). This endpoint improperly utilizes Python’s exec function on untrusted user input. While Langflow legitimately allows authenticated users to modify and execute Python code, CVE-2025-3248 exposes this capability to unauthenticated attackers.
Attackers can inject malicious code, such as a Python reverse shell, into decorators or function’s default arguments, achieving remote code execution. The consequences of successful exploitation are dire, enabling attackers to fully compromise Langflow servers and potentially leading to data breaches, system disruption, and other malicious activities.
The ease of exploitation is underscored by a one-liner exploit that can retrieve a Langflow server’s environment variables, potentially exposing stored credentials:
Horizon3.ai has also released a Nuclei detection template to aid security researchers in identifying vulnerable Langflow instances by checking for contents from /etc/passwd.
The vulnerability is addressed in Langflow version 1.3.0. Given the active exploitation of CVE-2025-3248, CISA has issued a directive requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary patches by May 26, 2025, to secure their networks.
Donate