
CISA Adds Critical Langflow Flaw to Known Exploited Vulnerabilities Catalog


TL;DR

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow flaw (CVE-2025-3248) to its Known Exploited Vulnerabilities (KEV) catalog. The code injection vulnerability lets a remote, unauthenticated attacker execute arbitrary code on the Langflow host and affects all versions prior to 1.3.0. Users are advised to upgrade immediately.


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Langflow to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-3248, the flaw carries a CVSS score of 9.8 (critical), and its inclusion in KEV means it is being exploited in the wild.

Langflow Overview

Langflow is a widely used open-source tool for building agentic AI workflows. The identified vulnerability, CVE-2025-3248, is a code injection flaw in the /api/v1/validate/code endpoint. The endpoint accepts user-supplied Python source for validation but evaluates parts of it instead of merely parsing it, and it can be reached without authentication. A remote, unauthenticated attacker can therefore execute arbitrary code by sending crafted HTTP requests to the endpoint. All versions prior to 1.3.0 are affected.

Vulnerability Details

Researchers from Horizon3.ai discovered the vulnerability and highlighted how easy it is to exploit. The flaw gives an attacker remote code execution on the Langflow host, which is enough to land a Python reverse shell.


Exploitation and Mitigation

After the CVE was published, another researcher demonstrated a proof-of-concept (PoC) exploit that abused default argument values in Python function definitions, which Python evaluates when the definition itself is executed. According to Censys, over 500 Langflow instances are exposed on the internet, so updating immediately is crucial. Until the upgrade is applied, the Langflow API should not be reachable from untrusted networks; placing it behind an authenticating proxy or restricting access to it at the network level removes the unauthenticated attack path.
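The following added example (written for this post; it is not Langflow's own code and does not reproduce its implementation) shows why an "AST-based validator" can still be a code injection sink, and how the default-argument trick mentioned above works. The vulnerable function parses the submitted snippet and then exec()s each function definition to confirm that it compiles; executing a def statement evaluates its decorator expressions and default argument values, so attacker-controlled code runs even though the function is never called. The hardened function parses and byte-compiles only, which runs nothing. The attacker snippet and the LANGFLOW_POC environment marker are constructed for this illustration; a real payload would spawn a shell instead.

```python
import ast
import os

# Constructed sample input standing in for the attacker-controlled Python
# source submitted to /api/v1/validate/code. The function body is never
# called; the payload sits in a default argument value, which Python
# evaluates when the `def` statement itself executes. Instead of spawning a
# shell, this payload only sets an environment variable so the effect can be
# observed safely.
ATTACKER_CODE = '''
def harmless(x=__import__("os").environ.update(LANGFLOW_POC="ran")):
    return x
'''


def payload_ran() -> bool:
    """Report (and clear) the marker left behind by the constructed payload."""
    return os.environ.pop("LANGFLOW_POC", None) == "ran"


def validate_code_vulnerable(code: str) -> dict:
    """Simplified illustration of the unsafe pattern (not Langflow's code).

    The snippet is parsed to an AST, then each function definition is
    executed on its own to 'check that it compiles'. Executing a FunctionDef
    evaluates its decorators and default argument values, so the attacker's
    expression runs although nothing ever calls the function.
    """
    errors = []
    tree = ast.parse(code)
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            module = ast.Module(body=[node], type_ignores=[])
            try:
                # exec() runs the def statement: defaults and decorators fire here.
                exec(compile(module, "<string>", "exec"), {})
            except Exception as exc:  # noqa: BLE001 - collect, as a validator would
                errors.append(f"{type(exc).__name__}: {exc}")
    return {"errors": errors}


def validate_code_hardened(code: str) -> dict:
    """Validation that never executes user input.

    ast.parse() builds a syntax tree and compile() turns it into bytecode;
    neither evaluates decorators or default values. Those only run when the
    bytecode is executed, and here it never is.
    """
    try:
        tree = ast.parse(code)
        compile(tree, "<string>", "exec")
    except SyntaxError as exc:
        return {"errors": [f"SyntaxError: {exc.msg} (line {exc.lineno})"], "functions": []}
    functions = [n.name for n in tree.body if isinstance(n, ast.FunctionDef)]
    return {"errors": [], "functions": functions}


if __name__ == "__main__":
    validate_code_vulnerable(ATTACKER_CODE)
    print("vulnerable validator ran the payload:", payload_ran())  # True
    validate_code_hardened(ATTACKER_CODE)
    print("hardened validator ran the payload:", payload_ran())  # False
```

The same mechanism applies to decorator expressions, which are evaluated at definition time as well, so a validator that needs to "run" a definition to check it is unsafe regardless of which part of the snippet the attacker controls. Any check that must execute user-supplied code belongs in an isolated sandbox, not in the API process.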

CISA Directive

Under Binding Operational Directive (BOD) 22-01, federal civilian agencies are required to remediate the vulnerability by May 26, 2025, to protect their networks. Private organizations are also advised to review the KEV catalog and remediate any listed vulnerabilities present in their infrastructure.

Conclusion

The discovery of CVE-2025-3248 and its addition to CISA's KEV catalog underscore the importance of prompt security updates. Organizations running Langflow should upgrade to version 1.3.0 or later to close the vulnerability, and should treat any instance that was reachable from the internet while unpatched as potentially compromised. Staying informed about vulnerabilities like this one is crucial for maintaining robust defenses.


This post is licensed under CC BY 4.0 by the author.