
Langflow < 1.3.0 Unauthenticated Remote Code Execution (CVE-2025-3248)


Overview

CVE-2025-3248 is an unauthenticated remote code execution vulnerability in Langflow versions before 1.3.0. Langflow is an open-source platform for building AI workflows and agents, and this issue exposes a critical code execution path to remote attackers who hold no credentials.

Vulnerability Overview

CVE-2025-3248 is a code injection vulnerability in Langflow versions before 1.3.0. The vulnerable behavior lies in the code validation endpoint, where user-supplied input can reach Python execution on the server without the expected authentication and isolation controls.

Because Langflow is commonly deployed as a web application for composing workflows, an exposed vulnerable instance can turn an application feature into direct server-side code execution.

Impact

The vulnerability is rated Critical with a CVSS 3.1 score of 9.8. Successful exploitation can allow a remote unauthenticated attacker to execute arbitrary code, compromise application data, access stored secrets, and affect the availability of the Langflow service.

CVE-2025-3248 is listed in CISA KEV, which indicates known exploitation and makes internet-facing Langflow deployments a priority for remediation.

Vulnerability Scope

NVD lists Langflow versions before 1.3.0 as affected. The issue is most serious when Langflow is reachable from untrusted networks and the vulnerable validation functionality is exposed.

Administrators should upgrade to Langflow 1.3.0 or later, review deployment exposure, and rotate credentials or API keys that may have been accessible from a compromised instance.
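To make the NVD scope and the exposure guidance above actionable during inventory, here is an added example (not Hackviser's or Langflow's code) that parses a Langflow version string, decides whether it falls below the 1.3.0 fix, and assigns a remediation priority. It assumes pre-releases of 1.3.0 (e.g. 1.3.0rc1) count as affected because they sort before the fixed release; the host names and version strings are constructed.

```python
import re
from dataclasses import dataclass

FIXED_VERSION = (1, 3, 0)  # first release NVD lists as unaffected

# Pre-release tags sort before the final release of the same number.
_PRE_ORDER = {"dev": 0, "a": 1, "b": 2, "rc": 3}
_FINAL_RANK = 4
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[.\-]?(dev|a|b|rc)(\d*))?$")


def parse_version(text):
    """Turn a Langflow version string into a sortable tuple.

    Returns (major, minor, patch, pre_rank, pre_num); a final release gets
    rank 4 so it sorts after its own pre-releases: 1.3.0rc1 < 1.3.0.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, tag, num = m.groups()
    pre_rank = _PRE_ORDER[tag] if tag else _FINAL_RANK
    pre_num = int(num) if num else 0
    return (int(major), int(minor), int(patch), pre_rank, pre_num)


def is_affected(version):
    """True when the version is strictly below the 1.3.0 final release."""
    return parse_version(version) < FIXED_VERSION + (_FINAL_RANK, 0)


@dataclass
class Finding:
    host: str
    version: str
    internet_facing: bool
    affected: bool
    priority: str


def assess(host, version, internet_facing):
    """Combine version scope with exposure: KEV-listed and reachable from
    untrusted networks means patch first; internal but vulnerable is still high."""
    affected = is_affected(version)
    if not affected:
        priority = "none"
    elif internet_facing:
        priority = "immediate"
    else:
        priority = "high"
    return Finding(host, version, internet_facing, affected, priority)
```

Run `assess` over each discovered instance; any "immediate" finding should also trigger the credential and API key rotation described above.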

Lab Focus

This Hackviser lab focuses on understanding how missing authentication around code validation can become unauthenticated remote code execution. You will practice identifying vulnerable Langflow exposure, interpreting CVE scope, and connecting AI workflow platform risk to patching and secret hygiene.

Resources