admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 01:40:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create Langflow Code Execution Vulnerability (CVE-2025-3248).md

Browse Source
This commit is contained in:
Goby 2025-04-09 20:18:25 +08:00 committed by GitHub
parent e9f9732284
commit 5ab262fe50
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Langflow Code Execution Vulnerability (CVE-2025-3248).md Normal file
View File

@ -0,0 +1,14 @@
**Updated document date: April 9, 2025**
## Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248)
| **Vulnerability** | Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248)|
| :----: | :-----|
| **Chinese name** | Langflow /api/v1/validate/code 代码执行漏洞CVE-2025-3248 |
| **CVSS core** | 7.80 |
| **FOFA Query** (click to view the results directly)| [product="LOGSPACE-LangFlow"]
| **Number of assets affected** | 2448 |
| **Description** |LangFlow is a low-code visual AI application development tool based on Python, focusing on the development of Multi-Agent AI, Prompt Engineering, and Retrieval-Augmented Generation (RAG) applications. Versions prior to 1.3.0 are vulnerable to code injection in the /api/v1/validate/code endpoint. Remote and unauthenticated attackers can send crafted HTTP requests to execute arbitrary code.|
| **Impact** | Versions prior to 1.3.0 are vulnerable to code injection in the /api/v1/validate/code endpoint. Remote and unauthenticated attackers can send crafted HTTP requests to execute arbitrary code, potentially leading to full server control.|
| **Affected versions** | <1.3.0
![](https://s3.bmp.ovh/imgs/2025/04/09/01613b486fcc5f6e.gif)