Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
2025-05-06 04:24

A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. "Langflow contains a missing


News URL

https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-07 | CVE-2025-3248 | Missing Authentication for Critical Function vulnerability in Langflow | critical (9.8) |

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint.

network, low complexity, langflow, CWE-306