GobyVuls/Langflow Code Execution Vulnerability (CVE-2025-3248).md


**Updated document date: April 9, 2025**
## Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248)
| **Vulnerability** | Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248)|
| :----: | :-----|
| **Chinese name** | Langflow /api/v1/validate/code 代码执行漏洞CVE-2025-3248 |
| **CVSS score** | 7.80 |
| **FOFA Query** (click to view the results directly) | [product="LOGSPACE-LangFlow"] |
| **Number of assets affected** | 2448 |
| **Description** |LangFlow is a low-code visual AI application development tool based on Python, focusing on the development of Multi-Agent AI, Prompt Engineering, and Retrieval-Augmented Generation (RAG) applications. Versions prior to 1.3.0 are vulnerable to code injection in the /api/v1/validate/code endpoint. Remote and unauthenticated attackers can send crafted HTTP requests to execute arbitrary code.|
| **Impact** | Versions prior to 1.3.0 are vulnerable to code injection in the /api/v1/validate/code endpoint. Remote and unauthenticated attackers can send crafted HTTP requests to execute arbitrary code, potentially leading to full server control.|
| **Affected versions** | <1.3.0 |

![Demonstration of the CVE-2025-3248 check](https://s3.bmp.ovh/imgs/2025/04/09/01613b486fcc5f6e.gif)
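The entry gives a defender two concrete handles: the affected version range (anything below 1.3.0) and the endpoint the crafted requests are sent to (`/api/v1/validate/code`). The following script is an added example, not part of the GobyVuls entry or the Langflow project, showing how to turn both into a triage check: it compares a deployed version string against 1.3.0 and scans web-server access logs for POST requests to that endpoint from addresses outside a trusted range. It assumes the common combined log format (as emitted by nginx or Apache in front of Langflow) and uses constructed sample log lines; the IP prefixes, timestamps and user agents are made up.

```python
import re
from typing import Iterable, List, Dict, Tuple

# Endpoint named in the advisory and the first fixed release.
VULN_ENDPOINT = "/api/v1/validate/code"
FIXED_VERSION = (1, 3, 0)

# Combined log format (assumed): ip ident user [ts] "METHOD path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.2.0', 'v1.2.0' or '1.2.0rc1' into a comparable tuple (1, 2, 0)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) if part is not None else 0 for part in m.groups())


def is_affected(version: str) -> bool:
    """True when the reported Langflow version is below 1.3.0 (the advisory's range)."""
    return parse_version(version) < FIXED_VERSION


def parse_access_line(line: str) -> Dict[str, str]:
    """Parse one combined-format access log line; returns {} for unparseable lines."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else {}


def find_validate_code_hits(lines: Iterable[str],
                            trusted_prefixes: Tuple[str, ...] = ()) -> List[Dict[str, str]]:
    """Return POST requests to the vulnerable endpoint from untrusted sources.

    A 2xx status means the server accepted the request for validation, which on an
    affected version is the condition the advisory describes; other statuses are still
    reported so that probing from outside the trusted range is visible.
    """
    hits = []
    for line in lines:
        rec = parse_access_line(line)
        if not rec or rec["method"] != "POST":
            continue
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if path != VULN_ENDPOINT:
            continue
        if any(rec["ip"].startswith(p) for p in trusted_prefixes):
            continue
        rec["accepted"] = "yes" if rec["status"].startswith("2") else "no"
        hits.append(rec)
    return hits


# Constructed sample log lines (not real traffic); 10.0.0.8 plays the internal client.
SAMPLE_LOGS = [
    '198.51.100.20 - - [09/Apr/2025:10:14:58 +0000] "GET /api/v1/flows HTTP/1.1" 200 1833 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [09/Apr/2025:10:15:01 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '10.0.0.8 - - [09/Apr/2025:10:15:03 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Apr/2025:10:15:07 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 401 0 "-" "curl/8.5.0"',
    'garbage line that does not parse',
]


def triage(version: str, lines: Iterable[str], trusted_prefixes: Tuple[str, ...] = ()) -> Dict[str, object]:
    """Combine the version check with the log scan into one summary for an operator."""
    hits = find_validate_code_hits(lines, trusted_prefixes)
    return {
        "version_affected": is_affected(version),
        "external_posts": len(hits),
        "accepted_external_posts": sum(1 for h in hits if h["accepted"] == "yes"),
    }


if __name__ == "__main__":
    summary = triage("1.2.0", SAMPLE_LOGS, trusted_prefixes=("10.",))
    print(summary)
    for hit in find_validate_code_hits(SAMPLE_LOGS, ("10.",)):
        print(f'{hit["ts"]} {hit["ip"]} -> {hit["path"]} status={hit["status"]} accepted={hit["accepted"]}')
```

Run against real logs by replacing `SAMPLE_LOGS` with the lines of the reverse proxy in front of Langflow and the version string reported by the deployment; a hit with `accepted=yes` on an affected version is the event worth investigating, while any external traffic to the endpoint is a reason to confirm the upgrade to 1.3.0 or later and to keep the endpoint off the public network.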