RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)
2025-05-06 13:08

A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog.

About CVE-2025-3248

Langflow is an open-source, Python-based app that allows users to create AI agents (e.g., chatbot assistants) and workflows without actually writing any code. Instead, they simply drag, drop and chain LLM components and add the necessary inputs. Unfortunately, …

The post RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/05/06/langflow-cve-2025-3248-exploited/

Related Vulnerability

DATE: 2025-04-07
CVE: CVE-2025-3248
VULNERABILITY TITLE: Missing Authentication for Critical Function vulnerability in Langflow
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint.
network, low complexity, langflow, CWE-306
RISK: critical (9.8)