Critical Langflow Vulnerability Added to CISA KEV List Amid Ongoing Exploitation Evidence

A significant security vulnerability has emerged within the open-source Langflow platform, prompting its inclusion in the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalog. This critical flaw, identified as CVE-2025-3248, has been actively exploited in various cyberattacks, as noted by reliable sources.

The identified vulnerability has been assigned a high CVSS score of 9.8 out of 10, indicating its severe nature. CISA detailed that the flaw exists due to a missing authentication check in the /api/v1/validate/code endpoint. This oversight allows remote, unauthenticated attackers to execute arbitrary code through specially crafted HTTP requests.

The technical analysis indicates that the endpoint improperly leverages Python’s built-in exec() function to process user-input code without sufficient authentication or sandboxing protocols. This vulnerability opens avenues for attackers to execute malicious commands directly on the server.

This flaw impacts a majority of versions of the popular tool and has been addressed in an update (version 1.3.0) released on March 31, 2025. Horizon3.ai initially discovered and reported the flaw in February. Experts have criticized the exploit as being “easily exploitable,” highlighting its potential to allow unauthorized access to Langflow servers, thereby posing a serious threat to affected organizations.

The impact of this vulnerability extends beyond theoretical implications. Research indicates that there are currently 1,156 Langflow servers exposed on the internet, with a significant number based in the United States, Germany, Singapore, India, and China. Despite these findings, it remains unclear how this vulnerability is being exploited in active attacks, with agencies like the SANS Technology Institute confirming recorded exploit attempts against their honeypots.

Understanding the potential MITRE ATT&CK tactics at play, it is likely that attackers have executed initial access techniques to breach these systems, possibly followed by privilege escalation tactics to gain further control. Organizations must prioritize applying the relevant patches and implementing robust authentication and sandboxing measures to mitigate these risks effectively.

CISA has designated May 26, 2025, as a deadline for Federal Civilian Executive Branch agencies to implement necessary fixes, underlining the urgency of this matter. The exploitation of dynamic code execution points to a critical need for organizations to rigorously scrutinize code-validation processes, especially for applications exposed to the internet.

In a recent update, Censys reported an increase to 1,156 exposed Langflow servers, emphasizing the continuing risks associated with this vulnerability. Approximately 360 of these servers are running versions that are known to be vulnerable, while 509 do not disclose their versions. This situation calls for heightened awareness and immediate action among organizations utilizing the Langflow platform.