U.S. CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Langflow flaw, tracked as CVE-2025-3248 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

Langflow is a popular open-source, low-code tool for building agentic AI and LLM workflows. Inclusion in the KEV catalog means CISA has evidence that the flaw is being exploited in the wild, so exposed Langflow instances should be treated as a patch-now item rather than a routine update.

CVE-2025-3248 is a code injection vulnerability in the /api/v1/validate/code endpoint. The endpoint accepts Python source for validation and ends up executing parts of it, so a remote, unauthenticated attacker can send a crafted HTTP request and run arbitrary code on the server. The flaw affects versions prior to 1.3.0.

Researchers from cybersecurity firm Horizon3.ai discovered the vulnerability and warned that it is easily exploitable. "Remote code execution is easy now – just stick the payload into a decorator," reads a post published by Horizon3.ai. "Interactive RCE is possible by raising an Exception from the decorator."

"The vulnerable code is present in the earliest versions of Langflow dating back two years, and from our testing it appears most, if not all, versions prior to 1.3.0 are exploitable," concludes the report.
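To make the decorator trick concrete, the following is an added, simplified reconstruction of the bug class (not Langflow's code, and not the actual fix shipped in 1.3.0): a "validate" routine that parses submitted Python and then executes each function definition to check it, beside a variant that only parses. The payload, the environment variable name used as a harmless probe, and the function names are all constructed for this example.

```python
"""Simplified model of CVE-2025-3248's root cause: a code "validation" routine
that executes submitted Python instead of merely parsing it. This is an added,
illustrative reconstruction, not Langflow's code or its fix."""
import ast
import os

MARKER = "CVE_2025_3248_DEMO"  # hypothetical env var used as a harmless side-effect probe

# Constructed attacker input. The function body is harmless, but the decorator
# expression runs the moment the "def" statement is executed. Raising an
# Exception whose message carries data turns the endpoint's error list into an
# output channel (the "interactive RCE" Horizon3 describes).
INTERACTIVE_PAYLOAD = f'''
@exec("import os; os.environ['{MARKER}'] = 'ran'; raise Exception('exfil:' + os.getcwd())")
def harmless():
    pass
'''


def vulnerable_validate(code: str) -> dict:
    """Mirrors the flawed pattern: parse, then exec every function definition to
    check that it "compiles". Executing a def evaluates its decorators and
    default arguments, so attacker-controlled code runs with the server's
    privileges, and any exception text is echoed back to the caller."""
    tree = ast.parse(code)
    errors = []
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            module = ast.Module(body=[node], type_ignores=[])
            try:
                exec(compile(module, "<validate>", "exec"), {})
            except Exception as exc:
                errors.append(f"{type(exc).__name__}: {exc}")
    return {"function": {"errors": errors}}


def hardened_validate(code: str) -> dict:
    """Syntax-only validation: ast.parse builds a tree without evaluating
    anything, so decorators and default arguments never execute."""
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return {"function": {"errors": [f"SyntaxError: {exc.msg} (line {exc.lineno})"]},
                "functions": []}
    names = [n.name for n in tree.body if isinstance(n, ast.FunctionDef)]
    return {"function": {"errors": []}, "functions": names}


def marker_was_set() -> bool:
    """Report (and clear) the side-effect probe so each check starts clean."""
    return os.environ.pop(MARKER, None) == "ran"


if __name__ == "__main__":
    print("vulnerable:", vulnerable_validate(INTERACTIVE_PAYLOAD))
    print("payload executed:", marker_was_set())
    print("hardened:  ", hardened_validate(INTERACTIVE_PAYLOAD))
    print("payload executed:", marker_was_set())
```

Running it shows the vulnerable path returning `Exception: exfil:<cwd>` in its error list with the probe variable set, while the parse-only path reports no errors and leaves the environment untouched. Two lessons carry over to any "validate my code" feature: never compile-and-run user input to check it (the AST alone answers syntax questions), and keep such endpoints behind authentication regardless, since the attack surface here was reachable anonymously.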

Langflow users should upgrade to 1.3.0 or later; where that is not immediately possible, restrict network access to the instance, since the flaw is reachable without authentication. According to Censys, more than 500 Langflow instances are exposed on the Internet.

"Technically this vulnerability can still be exploited to escalate privileges from a regular user to a Langflow superuser, but that is already possible without this vulnerability too," says the report.

Experts recommend that private organizations also review the catalog and remediate the listed vulnerabilities in their infrastructure. Under Binding Operational Directive 22-01, federal civilian executive branch agencies must fix this vulnerability by May 26, 2025.
