7.7

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-68477

CVE-2025-68477: Langflow vulnerable to Server-Side Request Forgery

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block private IP ranges (127[.]0[.]0[.]1, the 10/172/192 ranges) or cloud metadata endpoints (169[.]254[.]169[.]254), and it returns the response body as the result. Because the flow execution endpoints (/api/v1/run, /api/v1/run/advanced) can be invoked with just an API key, if an attacker can control the API Request URL in a flow, non-blind SSRF is possible—accessing internal resources from the server’s network context. This enables requests to, and collection of responses from, internal administrative endpoints, metadata services, and internal databases/services, leading to information disclosure and providing a foothold for further attacks. Version 1.7.0 contains a patch for this issue.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-68477

CVE-2025-68477:

7.7

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
langflow	pip	< 1.7.1	1.7.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability lies within the APIRequestComponent in Langflow, which is designed to make HTTP requests as part of a workflow. The core of the issue is in the make_api_request function, which, prior to the patch, would accept any user-provided URL without proper validation. This allowed an attacker to craft a request to internal network resources, such as private IP addresses (e.g., 127.0.0.1, 10.0.0.0/8) or cloud metadata services (169.254.169.254), leading to a Server-Side Request Forgery (SSRF) vulnerability. The exploit is triggered when a user with an API key executes a flow containing this malicious component via the /api/v1/run/{flow_id_or_name} or /api/v1/run/advanced/{flow_id_or_name} endpoints. The patch addresses this by introducing a new utility, ssrf_protection.py, which contains the validate_url_for_ssrf function. This function is now called within make_api_request to check the URL against a blocklist of private and reserved IP ranges before the request is made. The patch also prudently changes the default behavior of follow_redirects to False, mitigating a common SSRF bypass technique.

Vulnerable functions

lfx.components.data.api_request.APIRequestComponent.make_api_request

src/lfx/src/lfx/components/data/api_request.py

This function is responsible for making the API request. Before the patch, it did not validate the URL, allowing an attacker to specify internal or private IP addresses. The patch adds a call to `validate_url_for_ssrf` to prevent such requests.

langflow.api.v1.endpoints.simplified_run_flow

src/backend/base/langflow/api/v1/endpoints.py

This is one of the main API endpoints that triggers the execution of a flow. An attacker would use this endpoint to run a flow containing the malicious API Request component, initiating the SSRF attack.

langflow.api.v1.endpoints.experimental_run_flow

src/backend/base/langflow/api/v1/endpoints.py

This is the other main API endpoint that triggers the execution of a flow. An attacker would use this endpoint to run a flow containing the malicious API Request component, initiating the SSRF attack.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.7

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-68477: Langflow vulnerable to Server-Side Request Forgery

CVE-2025-68477:

7.7

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

7.7

7.7

CVE-2025-68477: Langflow vulnerable to Server-Side Request Forgery

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI