CVE-2025-3248

Critical Vulnerability Discovered in Langflow

CVE-2025-3248 is a newly identified security vulnerability in Langflow, a popular tool for building agentic AI workflows. It poses a severe risk: attackers can gain full control of vulnerable servers without authenticating.

The issue has been patched in Langflow 1.3.0, and all users are strongly advised to upgrade immediately to protect their environments.

The recommended mitigations are to update to Langflow version 1.3.0 or to restrict network access to Langflow.
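To act on the upgrade advice, the following added example (not code from the advisory or from the Langflow project) triages Langflow version strings against the fixed release 1.3.0. It assumes every release before 1.3.0 is unpatched and that the package is installed under the PyPI name `langflow`; the host names and inventory format are constructed for illustration.

```python
import re
from importlib import metadata

FIXED = (1, 3, 0)  # fixed release named in the advisory
_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def classify(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'review' for a Langflow version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "review"  # unparseable (e.g. "latest"): needs a manual look
    release = (int(m[1]), int(m[2]), int(m[3] or 0))
    if release < FIXED:
        return "vulnerable"
    if release == FIXED and m[4]:
        # 1.3.0rc1, 1.3.0.dev3, ...: the advisory does not say whether such
        # builds carry the fix, so they are flagged instead of trusted.
        return "review"
    return "patched"


def installed_status() -> str:
    """Classify the Langflow package installed in the current environment."""
    try:
        return classify(metadata.version("langflow"))
    except metadata.PackageNotFoundError:
        return "not-installed"


def audit(inventory: str) -> dict:
    """Map each host in a '<host> <version>' inventory to its status."""
    results = {}
    for line in inventory.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            results[parts[0]] = classify(parts[1] if len(parts) > 1 else "")
    return results


# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE = """
flow-dev-01   1.2.0
flow-prod-01  1.3.0
flow-lab-02   1.3.0rc1   # pre-release build
flow-ci-03    latest     # unpinned image tag
flow-prod-02  1.10.2
"""

if __name__ == "__main__":
    print("local environment:", installed_status())
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `vulnerable` or `review` are the ones to upgrade or to place behind network restrictions first.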

🔗 Langflow AI Release 1.3.0

🔗 Langflow AI Pull 6911

🔗 CVE Record Information
