
CVE-2025-3248: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint

CVSS Score: 9.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.99713%
Published: 4/7/2025
Updated: 4/10/2025
KEV Status: Yes
Technology: Python

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: langflow
Ecosystem: pip
Vulnerable Versions: < 1.3.0
First Patched Version: 1.3.0

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability has two layers. First, the API endpoint handler (post_validate_code) enforced no authentication, so any remote client could reach it. Second, the validation logic (validate_code) passed user-controlled source to Python's exec(); executing a function definition evaluates its decorator and default-argument expressions, so code placed there runs during "validation" even though the function body is never called. The 1.3.0 patch adds an authentication dependency to the endpoint but leaves the exec()-based validation untouched, so validate_code remains the injection point for any caller that reaches it, whether authenticated or not. Both functions would appear in a stack trace of an exploitation attempt: the endpoint handler during HTTP request processing, and validate_code at the moment the submitted code executes.

Vulnerable functions

langflow.api.v1.validate.post_validate_code
File: src/backend/base/langflow/api/v1/validate.py
The original endpoint handler accepted untrusted code input without any authorization check; the current_user parameter added by the patch shows that authentication was previously absent.

langflow.utils.validate.validate_code
File: src/backend/base/langflow/utils/validate.py
Passes untrusted code input directly to Python's exec() with insufficient validation, which lets decorator and default-argument expressions run arbitrary code at function-definition time.
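To make the definition-time execution concrete, the following is an added example, not Langflow's code and not part of the advisory: a simplified validator that mirrors the exec()-based pattern described above, beside a hardened variant that syntax-checks with compile() and statically flags decorators and non-constant default arguments instead of evaluating them. The sample payloads are constructed for the demonstration and only set an environment variable as proof of execution; the names validate_code_unsafe, validate_code_safe, executed_during and demo are hypothetical.

```python
import ast
import os

# Marker the constructed payloads set in the process environment so that
# code execution is observable without doing anything harmful.
MARKER = "LANGFLOW_DEMO_EXECUTED"

# Constructed sample inputs (not from the advisory or any public PoC).
BENIGN_CODE = """def add(a, b):
    return a + b
"""

# A decorator expression is evaluated as soon as the def statement executes.
# exec(...) returns None, so applying it as a decorator raises TypeError,
# but by then the payload has already run.
DECORATOR_PAYLOAD = f'''@exec("import os; os.environ['{MARKER}'] = 'decorator'")
def add(a, b):
    return a + b
'''

# A default-argument expression is likewise evaluated at definition time,
# and this variant raises no error at all.
DEFAULT_ARG_PAYLOAD = f'''def add(a, b=exec("import os; os.environ['{MARKER}'] = 'default-arg'")):
    return a + b
'''


def validate_code_unsafe(code: str) -> dict:
    """Simplified stand-in (an assumption, not the project's actual function) for
    the pre-1.3.0 pattern the advisory describes: parse the source, then exec()
    each top-level function definition to check that it "works". Executing a def
    statement evaluates its decorators and default arguments, so untrusted code runs."""
    errors = {"function": []}
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        errors["function"].append(str(exc))
        return errors
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            module = ast.Module(body=[node], type_ignores=[])
            try:
                exec(compile(module, "<user code>", "exec"), {})  # the injection point
            except Exception as exc:
                # A failing payload has already run before the exception is raised.
                errors["function"].append(str(exc))
    return errors


def validate_code_safe(code: str) -> dict:
    """Hardened alternative (added here; Langflow's 1.3.0 fix instead adds
    authentication to the endpoint and keeps exec()). Syntax is checked with
    compile() alone, which executes nothing, and constructs that would run
    code at definition time are reported rather than evaluated."""
    errors = {"function": []}
    try:
        tree = ast.parse(code)
        compile(tree, "<user code>", "exec")
    except SyntaxError as exc:
        errors["function"].append(str(exc))
        return errors
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            if node.decorator_list:
                errors["function"].append(f"{node.name}: decorators are not evaluated during validation")
            defaults = node.args.defaults + [d for d in node.args.kw_defaults if d is not None]
            for default in defaults:
                if not isinstance(default, ast.Constant):
                    errors["function"].append(
                        f"{node.name}: non-constant default argument {ast.unparse(default)!r}"
                    )
    return errors


def executed_during(validator, code: str):
    """Run a validator on code and return the marker value the payload set, if any."""
    os.environ.pop(MARKER, None)
    validator(code)
    return os.environ.pop(MARKER, None)


def demo() -> dict:
    """Compare both validators on each sample: did the submitted code run?"""
    samples = {
        "benign": BENIGN_CODE,
        "decorator": DECORATOR_PAYLOAD,
        "default_arg": DEFAULT_ARG_PAYLOAD,
    }
    return {
        name: {
            "unsafe_executed": executed_during(validate_code_unsafe, code),
            "safe_executed": executed_during(validate_code_safe, code),
            "safe_findings": validate_code_safe(code)["function"],
        }
        for name, code in samples.items()
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running demo() shows the decorator and default-argument payloads executing inside validate_code_unsafe (the decorator variant even while the validator reports a TypeError in its response), and nothing executing inside validate_code_safe. The compile()-only check cannot confirm that imports resolve, which the exec()-based approach did as a side effect; if that check is wanted it should be done by name against an allowlist, not by importing. Authentication on the endpoint, which is what 1.3.0 adds, still leaves every authenticated user with arbitrary code execution on the server.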

WAF Protection Rules

WAF Rule

Langflow versions prior to 1.3.0 are susceptible to code injection in the `/api/v1/validate/code` endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
