The Langflow bug is now under active exploitation—and U.S. cybersecurity officials want it patched fast. The flaw, identified as CVE-2025-3248, allows hackers to take full control of servers running the open-source Langflow tool.
The vulnerability is rated 9.8 out of 10 on the CVSS severity scale. It affects an API endpoint that executes user-supplied code without proper security checks. That means an attacker can send a crafted request and run commands on the server—without any authentication.
CISA has added the bug to its Known Exploited Vulnerabilities (KEV) catalog. This confirms that the exploit isn’t just theoretical—real-world attacks are already underway. The agency now requires all U.S. federal agencies to fix the issue by May 26, 2025.
Langflow, a platform that helps build language model apps visually, failed to secure its /api/v1/validate/code endpoint. That endpoint uses Python’s exec() function to run code directly—without checking who sent it. This creates a huge security hole.
The issue was first reported by Horizon3.ai in February. A fix shipped in Langflow version 1.3.0 on March 31. But by April 9, researchers had already released a public proof-of-concept exploit, making the flaw even more dangerous.
According to data from Censys, there are at least 466 Langflow instances exposed online, with most located in the U.S., Germany, Singapore, India, and China. These open installations could become easy targets for attackers scanning the internet.
Right now, no one knows exactly how or by whom the exploit is being used. But experts agree—it’s only a matter of time before widespread attacks begin.
Security firm Zscaler warned that this flaw highlights the dangers of dynamic code execution. Developers must protect endpoints like this with strong authentication and sandboxing to prevent similar disasters.
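An added example, not Langflow's code or its actual fix: one way to write a code-validation handler that authenticates the caller first and never executes the submission. It swaps static parsing with ast.parse in for sandboxed execution; validate_code, API_TOKEN and the size cap are hypothetical names and values.

```python
import ast
import hmac

# Assumptions for this example (not from the article or from Langflow):
MAX_SOURCE_BYTES = 64 * 1024             # cap, since parsing huge input can exhaust memory
API_TOKEN = "constructed-example-token"  # placeholder; load from a secret store in practice


def validate_code(source, presented_token):
    """Hypothetical handler body: returns (http_status, payload) without running `source`."""
    # 1. Authenticate before touching the submitted code (constant-time comparison).
    if not presented_token or not hmac.compare_digest(
        presented_token.encode(), API_TOKEN.encode()
    ):
        return 401, {"detail": "authentication required"}

    # 2. Bound the input size before handing it to the parser.
    if len(source.encode("utf-8", "replace")) > MAX_SOURCE_BYTES:
        return 413, {"detail": "source too large"}

    # 3. Parse only. ast.parse builds a syntax tree and evaluates nothing in it,
    #    unlike exec(), which runs whatever the caller submitted.
    try:
        tree = ast.parse(source, mode="exec")
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        return 200, {"valid": False, "errors": [f"{type(exc).__name__}: {exc}"]}

    # 4. Report structure from the tree instead of from a live namespace.
    functions, imports = [], set()
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            functions.append(node.name)
        elif isinstance(node, ast.Import):
            imports.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            imports.add(node.module or ".")
    return 200, {"valid": True, "functions": functions, "imports": sorted(imports)}


if __name__ == "__main__":
    # Constructed sample submission; it is parsed, never run.
    sample = "import os\n\ndef build(x):\n    return x\n"
    print(validate_code(sample, None))       # rejected: no token presented
    print(validate_code(sample, API_TOKEN))  # accepted: syntax report only
```

Static parsing only confirms that the code is syntactically valid; any feature that must actually run user code still needs the isolation the Zscaler warning refers to.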
If your organization uses Langflow, act quickly. Upgrade to version 1.3.0 or higher as soon as possible. Leaving this vulnerability unpatched could lead to total system compromise, data loss, or worse.