Langflow AI 未授权远程代码执行漏洞
漏洞信息
漏洞名称: Langflow AI 未授权远程代码执行漏洞
漏洞编号:
- CVE: CVE-2025-3248
漏洞类型: 命令执行
漏洞等级: 严重
漏洞描述: Langflow AI是一个人工智能平台,广泛应用于自动化流程和数据处理任务中,其典型部署场景包括企业级服务和Web应用组件。由于其功能的强大和灵活性,Langflow AI在多个行业中被广泛使用。CVE-2025-3248漏洞是一个严重的未授权远程代码执行(RCE)漏洞,攻击者可以通过向/api/v1/validate/code端点发送特制的payload来执行任意Python代码。这一漏洞的技术根源在于Langflow AI未能正确验证和清理用户提供的输入,导致攻击者可以注入并执行恶意代码。这种漏洞的存在使得攻击者无需任何认证即可远程控制受影响的系统,执行任意命令,可能导致数据泄露、服务中断甚至完全的系统接管。由于漏洞的利用不需要用户交互,且可以通过自动化工具大规模利用,因此对使用Langflow AI的组织构成了极高的安全风险。
产品厂商: Langflow AI
产品名称: Langflow AI
来源: https://github.com/r0otk3r/CVE-2025-3248
类型: CVE-2025:github search
仓库文件
- README.md
来源概述
🚨 CVE-2025-3248: Langflow Unauthenticated Remote Code Execution (RCE)
This repository contains two Python scripts:
LangflowCheck.py: A scanner that checks for Langflow AI instances vulnerable to CVE-2025-3248.exploit.py: A working reverse shell exploit for vulnerable Langflow targets.
🧠 Summary
CVE-2025-3248 is a critical vulnerability in Langflow AI that allows unauthenticated attackers to execute arbitrary Python code remotely via a crafted payload to /api/v1/validate/code.
📂 Files
LangflowCheck.py
- Checks if a target is vulnerable by attempting to execute a harmless payload that reads
/etc/passwd. - Can scan a single target or a list of URLs.
- Supports outputting vulnerable targets to a file.
exploit.py
- Sends a reverse shell payload to the vulnerable endpoint.
- Requires attacker IP (
lhost) and listener port (lport). - Logs activity to
exploit.log. - Supports listener check before sending payload.
🚀 Usage
1. Install Requirements
1 | |
2. Run Vulnerability Scanner
Single URL
1 | |
3. Exploit a Target
First, start a listener
1 | |
Then, run the exploit:
1 | |
You should receive a shell if the target is vulnerable.
⚠️ Disclaimer
This exploit is for educational and authorized security testing only. Do not use against systems you do not own or have explicit permission to test.