CVE-2025-3248

CRITICALNVD 9.89.8—Trending — 3 sources updated this weekExploited in the wild

9.8

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

CVSS v3: 9.8
EG Score: 9.8(high)
EPSS: 99.8%
KEV: ⚠ Exploited

Published

April 7, 2025

Last Modified

November 6, 2025

Advisory Details (5)

Auto-updated May 31, 2026

⚠️ Active exploitation confirmed. Patch available. Sources: github_pr, github_release, cisa.

cisa Patch Available🔴 Active Exploitation

Known Exploited Vulnerabilities Catalog | CISA

Known Exploited Vulnerabilities Catalog | CISA. Listed in CISA Known Exploited Vulnerabilities catalog.

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-3248

generic

Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code | Advisories | VulnCheck

https://www.vulncheck.com/advisories/langflow-unauthenticated-rce

generic

Unsafe at Any Speed: Abusing Python Exec for Unauth RCE | Horizon3.ai

https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/

github_release Patch Available

1.3.0

Patch available: langflow-ai/langflow 1.3.0

https://github.com/langflow-ai/langflow/releases/tag/1.3.0

github_pr

fix: auth current user on code validation

Fix merged in langflow-ai/langflow PR #6911 on 2025-03-05 — awaiting tagged release

https://github.com/langflow-ai/langflow/pull/6911

Affected Packages

(2 across 1 ecosystem)

PyPI(2)

Package	Vulnerable range	Fixed in	Dependents
langflow	0.0.31 ... 1.2.0 (253 versions)	1.3.0	—
langflow-base	0.0.13 ... 0.2.0 (93 versions)	0.3.0	—

Weakness Classification(2)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Data Freshness Timeline

(refreshed 20× in last 7d / 20× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-06-03 17:06 UTCEG score recompute
2026-06-03 13:27 UTCEG score recompute
2026-06-03 09:48 UTCEG score recompute
2026-06-03 06:09 UTCEG score recompute
2026-06-03 02:31 UTCEG score recompute
2026-06-02 22:52 UTCEG score recompute
2026-06-02 19:13 UTCEG score recompute
2026-06-02 18:32 UTCkev_newly_listed
2026-06-02 15:35 UTCEG score recompute
2026-06-02 11:56 UTCEG score recompute
2026-06-02 08:18 UTCEG score recompute
2026-06-02 04:39 UTCEG score recompute
2026-06-02 01:00 UTCEG score recompute
2026-06-01 21:22 UTCEG score recompute
2026-06-01 20:42 UTCkev_newly_listed
2026-06-01 17:43 UTCEG score recompute
2026-06-01 14:04 UTCEG score recompute
2026-06-01 10:26 UTCEG score recompute
2026-06-01 06:47 UTCEG score recompute
2026-06-01 03:08 UTCEG score recompute

Publicly available exploits

(10 references)

Working exploit code is in the public domain (8 GitHub PoCs) (2 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

GitHub PoCdrackyjr/cve-2025-3248-exploit
First seen Nov 20, 2025
A comprehensive Python exploitation framework for testing and demonstrating CVE-2025-3248, a critical unauthenticated remote code execution vulnerability in Langflow versions ≤ 1.3.0.
Open source ↗
Exploit-DBEDB-52364
First seen Jul 16, 2025
Langflow 1.2.x - Remote Code Execution (RCE)
Open source ↗
GitHub PoCdennisec/Mass-CVE-2025-3248
First seen Jun 23, 2025
Mass-CVE-2025-3248
Open source ↗
GitHub PoC0-d3y/langflow-rce-exploit
First seen Jun 23, 2025
Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ]
Open source ↗
GitHub PoCynsmroztas/CVE-2025-3248-Langflow-RCE
First seen Jun 17, 2025
CVE-2025-3248 Langflow RCE Exploit
Open source ↗
GitHub PoCvigilante-1337/CVE-2025-3248
First seen May 13, 2025
CVE-2025-3248: A critical flaw has been discovered in Langflow that allows malicious actors to execute arbitrary Python code on the target system. This can lead to full remote code execution without authentication, potentially giving attackers control over the server.
Open source ↗
Exploit-DBEDB-52262
First seen Apr 18, 2025
Langflow 1.3.0 - Remote Code Execution (RCE)
Open source ↗
GitHub PoCverylazytech/CVE-2025-3248
First seen Apr 16, 2025
Open source ↗
GitHub PoCxuemian168/CVE-2025-3248
First seen Apr 10, 2025
A vulnerability scanner for CVE-2025-3248 in Langflow applications. 用于扫描 Langflow 应用中 CVE-2025-3248 漏洞的工具。
Open source ↗
GitHub PoCPuddinCat/CVE-2025-3248-POC
First seen Apr 10, 2025
POC of CVE-2025-3248, RCE of LangFlow
Open source ↗

Frequently asked(6)

What is CVE-2025-3248?

CVE-2025-3248 is a critical vulnerability published on April 7, 2025. Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

When was CVE-2025-3248 disclosed?

CVE-2025-3248 was first published in the National Vulnerability Database on April 7, 2025, with the most recent update on November 6, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2025-3248 actively exploited?

Yes. CISA added CVE-2025-3248 to the Known Exploited Vulnerabilities catalog on May 5, 2025, affecting Langflow Langflow. KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.

What is the CVSS score of CVE-2025-3248?

CVE-2025-3248 has a CVSS v3 base score of 9.8 (NVD).

Which products are affected by CVE-2025-3248?

CVE-2025-3248 affects Langflow Langflow. The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.

How do I remediate CVE-2025-3248?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2025-3248, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2025-3248

Explore →

Is Your Infrastructure Affected by CVE-2025-3248?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2025-3248

📅 Published

🔄 Last Modified

📋 Advisory Details (5)