Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence

2025-05-06 04:24
A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. "Langflow contains a missing
News URL
https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html
Related news
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database (source)
- CISA warns of hackers targeting critical oil infrastructure (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-07 | CVE-2025-3248 | Missing Authentication for Critical Function vulnerability in Langflow. Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. | 9.8 |