9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-3248

GHSA ID

GHSA-c995-4fw3-j39m

EPSS Score

0.99713%

CWE

CWE-94

Published

4/7/2025

Updated

4/10/2025

KEV Status

Yes

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-3248

CVE-2025-3248: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-3248

GHSA ID

GHSA-c995-4fw3-j39m

EPSS Score

0.99713%

CWE

CWE-94

Published

4/7/2025

Updated

4/10/2025

KEV Status

Yes

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
langflow	pip	< 1.3.0	1.3.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The core vulnerability exists in two layers: 1) The API endpoint handler (post_validate_code) lacked authentication, allowing unauthorized access. 2) The validation logic (validate_code) used unsafe exec() with user-controlled input. The patches add auth to the endpoint but don't modify the underlying code execution mechanism, indicating validate_code remains the injection point when called without proper auth checks. Both functions would appear in exploitation stack traces - the endpoint handler from HTTP request processing, and validate_code during code execution.

Vulnerable functions

langflow.api.v1.validate.post_validate_code

src/backend/base/langflow/api/v1/validate.py

The original unauthenticated endpoint handler processed untrusted code input without authorization checks. The addition of current_user parameter in patch shows previous lack of authentication.

langflow.utils.validate.validate_code

src/backend/base/langflow/utils/validate.py

Directly processes untrusted code input using Python's exec function with insufficient validation, enabling code injection via decorators/default arguments

WAF Protection Rules

WAF Rule

L*n**low v*rsions prior to *.*.* *r* sus**pti*l* to *o** inj**tion in t** `/*pi/v*/v*li**t*/*o**` *n*point. * r*mot* *n* un*ut**nti**t** *tt**k*r **n s*n* *r**t** *TTP r*qu*sts to *x**ut* *r*itr*ry *o**.

Reasoning

T** *or* vuln*r**ility *xists in two l*y*rs: *) T** *PI *n*point **n*l*r (post_v*li**t*_*o**) l**k** *ut**nti**tion, *llowin* un*ut*oriz** ****ss. *) T** v*li**tion lo*i* (v*li**t*_*o**) us** uns*** *x**() wit* us*r-*ontroll** input. T** p*t***s ***

9.8

Basic Information

Concerned about an active attack path?

CVE-2025-3248: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI