Critical Langflow Vulnerability Added to CISA KEV List Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the open-source Langflow platform to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of 10.

Langflow is a widely used open-source tool for building and deploying applications that leverage large language models (LLMs). Its visual, low-code interface and flexibility have made it a common choice for developers integrating LLMs into their applications.

The vulnerability resides in Langflow's `/api/v1/validate/code` endpoint. The endpoint is meant to validate user-supplied Python, but it does so by passing that code to Python's built-in `exec()`, without requiring authentication and without any sandboxing. As a result, any remote, unauthenticated attacker who can reach the endpoint can execute arbitrary code on the server by sending a specially crafted HTTP request.
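The following Python is an added illustration, not code from Langflow or from the Horizon3.ai report, that places the unsafe pattern the paragraph describes beside a hardened form. The function names, the API key and the sample submission are constructed for the example, and the sample relies on a general property of Python rather than on the payload used against Langflow: decorators and default argument values are evaluated when a `def` statement executes, so `exec()`-ing a function definition in order to "validate" it runs whatever the submitter put there. The hardened variant validates with `ast.parse()` alone, so the same submission is reported as well-formed without ever running.

```python
import ast
import hmac
import os
from typing import Optional

# Constructed for this example: the marker the "user" code plants when it really
# executes, so the difference between the two validators is observable.
MARKER = "DEMO_VALIDATE_CODE_EXECUTED"

# Assumed credential for the hardened variant (an assumption for the example;
# a real deployment would use its existing session or token mechanism).
API_KEY = "demo-key-not-a-real-secret"

# Constructed sample submission: syntactically valid Python whose decorator has a
# side effect. The decorator runs the moment the `def` statement is executed.
SAMPLE_SUBMISSION = '''
@(lambda f: __import__("os").environ.__setitem__("DEMO_VALIDATE_CODE_EXECUTED", "1") or f)
def greet(name="world"):
    return "hello " + name
'''


def marker_set() -> bool:
    """True if the sample submission's decorator has run in this process."""
    return os.environ.get(MARKER) == "1"


def reset_marker() -> None:
    os.environ.pop(MARKER, None)


def validate_code_unsafe(code: str) -> dict:
    """Illustrative unsafe pattern: parse the submission, then exec() each
    top-level function definition to "check" it. No authentication, no sandbox:
    anything in a decorator or default value executes on the server."""
    tree = ast.parse(code)
    errors = []
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            module = ast.Module(body=[node], type_ignores=[])
            try:
                exec(compile(module, "<submission>", "exec"), {})  # runs submitter's code
            except Exception as exc:
                errors.append(f"{node.name}: {exc}")
    return {"status": 200, "errors": errors}


def validate_code_safe(code: str, api_key: Optional[str], max_bytes: int = 64 * 1024) -> dict:
    """Hardened variant: require a credential, bound the input size, and validate
    with ast.parse() only. The submission is never compiled to bytecode or
    executed, so decorators and defaults stay inert; only syntax and structure
    are reported back."""
    if api_key is None or not hmac.compare_digest(api_key, API_KEY):
        return {"status": 401, "errors": ["authentication required"]}
    if len(code.encode("utf-8")) > max_bytes:
        return {"status": 413, "errors": ["submission too large"]}
    try:
        tree = ast.parse(code)
    except (SyntaxError, ValueError, RecursionError) as exc:
        # RecursionError: pathologically nested input can exhaust the parser
        return {"status": 200, "errors": [f"{type(exc).__name__}: {exc}"]}
    functions = [n.name for n in tree.body if isinstance(n, ast.FunctionDef)]
    return {"status": 200, "errors": [], "functions": functions}


if __name__ == "__main__":
    reset_marker()
    print("safe, no key:  ", validate_code_safe(SAMPLE_SUBMISSION, None))
    print("safe, with key:", validate_code_safe(SAMPLE_SUBMISSION, API_KEY), "ran:", marker_set())
    print("unsafe:        ", validate_code_unsafe(SAMPLE_SUBMISSION), "ran:", marker_set())
```

Running the script shows the hardened validator rejecting the unauthenticated call, accepting the authenticated one without the marker ever being set, and the unsafe validator setting the marker: the submission was executed even though the server only meant to check it. Syntax checking does not require execution; a feature that genuinely must run user code belongs behind authentication and process-level isolation, not behind `exec()`.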

Horizon3.ai, the cybersecurity firm that discovered the flaw, reported it in February 2025 and described it as trivially exploitable: an unauthenticated remote attacker can take control of a Langflow server. A proof-of-concept (PoC) exploit was published on April 9, 2025, further raising the likelihood of exploitation.

The Langflow development team fixed the vulnerability in version 1.3.0, released on March 31, 2025. Users are strongly advised to upgrade to 1.3.0 or later. Since the feature still executes Python on the server for authenticated users, instances should also be kept off the public internet or placed behind an authenticating proxy.

Data from the attack surface management platform Censys shows 466 internet-exposed Langflow instances worldwide, most of them in the United States, Germany, Singapore, India, and China. Every one of these is reachable by the unauthenticated request the flaw requires, which underscores the urgency of patching or removing them from the internet.

Specific details about the real-world exploitation of this vulnerability remain unclear, but its inclusion in CISA's KEV catalog confirms that attacks are taking place. Federal Civilian Executive Branch (FCEB) agencies have until May 26, 2025, to apply the fix.

This incident is a reminder of the risk of executing dynamic code without authentication and sandboxing. A code-validation feature should never run the code it validates; parsing is sufficient to check syntax, and any feature that must execute user code belongs behind authentication and isolation, especially in applications exposed to the internet.