20 matches found
Langflow 1.2.x - Remote Code Execution (RCE)
!/usr/bin/env python3 Exploit Title: Langflow 1.2.x - Remote Code Execution RCE Date: 2025-07-11 Exploit Author: Raghad Abdallah Al-syouf Vendor Homepage: https://github.com/logspace-ai/langflow Software Link: https://github.com/logspace-ai/langflow/releases Version: = 1.2.x Tested on: Ubuntu /...
Exploit for Code Injection in Langflow
CVE-2025-3248 - Langflow Code Validation Endpoint RCE A proof...
Exploit for Code Injection in Langflow
⚠️ Langflow RCE Exploit Scanner CVE-2025-3248 This Python-b...
Exploit for Code Injection in Langflow
Langflow CVE-2025-3248 Exploit Tool !Severityhttps://img.s...
Exploit for Code Injection in Langflow
Langflow RCE Exploit CVE-2025-3248 !Python Versionhttps:...
Exploit for Code Injection in Langflow
CVE-2025-3248 Langflow RCE Scanner 🔍 Description A powerf...
Exploit for Code Injection in Langflow
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langf...
Exploit for Code Injection in Langflow
CVE-2025-3248 — Langflow RCE Exploit Remote Code Execution R...
Exploit for Code Injection in Langflow
Langflow CVE-2025-3248 Exploit A Python-based exploit for CVE...
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn...
Exploit for Code Injection in Langflow
mitsec - CVE-2025-3248 Langflow RCE Exploit Remote Code Execu...
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet
This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data...
Exploit for Code Injection in Langflow
CVE-2025-3248 !https://img.shields.io/badge/license-MIT-blu...
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities KEV catalog by the U.S. Cybersecurity and Infrastructure Security Agency CISA, citing evidence of active exploitation. The vulnerability, tracked as...
Exploit for Code Injection in Langflow
CVE-2025-3248 Langflow is a low-code platform primarily us...
Langflow 1.3.0 - Remote Code Execution (RCE)
Exploit Title: Langflow 1.3.0 - Remote Code Execution RCE Date: 2025-04-17 Exploit Author: VeryLazyTech Vendor Homepage: http://www.langflow.org/ Software Link: https://github.com/langflow-ai/langflow Version: Langflow 1.3.0 Tested on: Windows Server 2019 CVE: CVE-2025-3248 CVE-2025-3248 - Remote...
Exploit for Code Injection in Langflow
POC - Remote and unauthenticated attacker can send crafted HTT...
Langflow /api/v1/validate/code command injection
Added: 04/11/2025 CVE: CVE-2025-3248 Background Langflow is a low-code tool for building AI agents and workflows. Problem A command injection vulnerability in the /api/v1/validate/code API endpoint could allow a remote unauthenticated attacker to execute arbitrary commands by sending a specially...
Exploit for Code Injection in Langflow
CVE-2025-3248-POC POC of CVE-2025-...
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code...