Known Exploited Vulnerabilities CVE-2025-3248

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-3248 | Langflow Missing Authentication Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution | Comments: Unauthenticated attackers have exploited this missing authentication vulnerability by sending crafted HTTP requests, allowing them to execute arbitrary code on the target Langflow server. |
| CVE-2025-3248 | Langflow Missing Authentication Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Comments: Unauthenticated attackers have exploited this missing authentication vulnerability by sending crafted HTTP requests, allowing them to execute arbitrary code on the target Langflow server. |