Security News > 2025 > May > RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)
2025-05-06 13:08
A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2025-3248 Langflow is an open-source, Python-based app that allows users to create AI agents (e.g., chatbots assistants) and workflows without actually writing any code. Instead, they simply drag, drop and chain LLM components and add the neccessary inputs. Unfortunately, … More → The post RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2025/05/06/langflow-cve-2025-3248-exploited/
Related news
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-07 | CVE-2025-3248 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. | 0.0 |