GobyVuls/Langflow Code Execution Vulnerability (CVE-2025-3248).md


Updated document date: April 9, 2025

Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248)

| Field | Value |
|---|---|
| Vulnerability | Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248) |
| Chinese name | Langflow /api/v1/validate/code 代码执行漏洞 CVE-2025-3248 (Langflow /api/v1/validate/code code execution vulnerability, CVE-2025-3248) |
| CVSS score | 7.80 |
| FOFA query | `product="LOGSPACE-LangFlow"` |
| Number of assets affected | 2448 |
| Description | LangFlow is a Python-based low-code visual tool for building AI applications, focused on Multi-Agent AI, Prompt Engineering, and Retrieval-Augmented Generation (RAG) workflows. Versions prior to 1.3.0 are vulnerable to code injection in the /api/v1/validate/code endpoint. Remote, unauthenticated attackers can send crafted HTTP requests to execute arbitrary code. |
| Impact | Versions prior to 1.3.0 are vulnerable to code injection in the /api/v1/validate/code endpoint. Remote, unauthenticated attackers can send crafted HTTP requests to execute arbitrary code, potentially leading to full server control. |
| Affected versions | < 1.3.0 |
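As an added example that is not part of the GobyVuls record, the following Python triages a Langflow deployment against this advisory: it flags access-log requests to the /api/v1/validate/code endpoint and checks a reported Langflow version against the 1.3.0 fix. The log lines and IP addresses are constructed, and the Apache combined log format is an assumption.

```python
import re
from typing import NamedTuple

# Endpoint and fix version are taken from the advisory above.
VULN_ENDPOINT = "/api/v1/validate/code"
FIXED_VERSION = (1, 3, 0)

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Apr/2025:10:01:12 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.3 - - [09/Apr/2025:10:01:15 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2025:10:01:20 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 500 88 "-" "curl/8.5.0"
"""

# Client IP, timestamp, method, request path and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

class Hit(NamedTuple):
    ip: str
    ts: str
    method: str
    status: int

def parse_version(v: str) -> tuple:
    """'1.2.0' or 'v1.2' -> (1, 2, 0); missing components are treated as 0."""
    nums = re.findall(r"\d+", v)[:3]
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))

def is_affected(version: str) -> bool:
    """True when the reported Langflow version is below the 1.3.0 fix."""
    return parse_version(version) < FIXED_VERSION

def find_validate_code_requests(log_text: str) -> list:
    """Return every request whose path (query string ignored) is the vulnerable endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]
        if path == VULN_ENDPOINT:
            hits.append(Hit(m.group("ip"), m.group("ts"), m.group("method"), int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for h in find_validate_code_requests(SAMPLE_LOG):
        print(f"{h.ts} {h.ip} {h.method} {VULN_ENDPOINT} -> HTTP {h.status}")
    print("1.2.0 affected:", is_affected("1.2.0"), "| 1.3.0 affected:", is_affected("1.3.0"))
```

Any hit on an instance whose version is below 1.3.0 warrants investigation, since the endpoint requires no authentication in affected releases.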