Share 
## https://sploitus.com/exploit?id=E29B9FB2-9AA8-5431-8E7D-79CED6B6A67A
# โš ๏ธ Langflow RCE Exploit Scanner (CVE-2025-3248)

This Python-based scanner automates the detection of **unauthenticated Remote Code Execution (RCE)** vulnerabilities in Langflow instances via **CVE-2025-3248**. It uses a proof-of-concept payload that abuses the `/api/v1/validate/code` endpoint to execute arbitrary shell commands.

## ๐Ÿšจ CVE Details

- **CVE**: CVE-2025-3248
- **Impact**: Unauthenticated Remote Code Execution
- **Component**: Langflow API (`/api/v1/validate/code`)
- **Exploit**: Injection via dynamic code evaluation
- **Risk**: Critical

## ๐Ÿ›  Features

- ๐Ÿ”Ž Batch scan multiple targets from a file
- โšก๏ธ Multi-threaded for fast performance
- โœ… Validates RCE by checking for expected command output (e.g., `uid=`)
- ๐Ÿ“ Outputs vulnerable targets to `vuln.txt`
- ๐Ÿงฑ Clean, modular code structure

## ๐Ÿ“ฆ Requirements

- Python 3.x
- `requests` library

Install dependencies:
```
pip install requests
```
## ๐Ÿ“‚ Usage

1. Add targets (with or without http(s)://) to targets.txt, one per line:
```
http://example.com
192.168.1.100:7860
https://target.net
```

2. Run the script:
```
python3 scanner.py
```

3. Check vuln.txt for successful exploitation results:
```
http://vulnerable-target.com | uid=1000(user) gid=1000(user) groups=1000(user)
```


## โš™๏ธ Configuration

Modify the following values at the top of the script as needed:

COMMAND: Shell command to execute (default: id)

EXPECTED_SUBSTRING: Substring to confirm execution (default: uid=)

THREADS: Number of concurrent threads (default: 20)


## ๐Ÿ”’ Disclaimer

This tool is provided for educational and authorized security testing only. Unauthorized access to systems is illegal and unethical. You are solely responsible for your use of this code.

## ๐Ÿ™ Credits

Exploit Author: ynsmroztas

Script Refactor: ill deed


## ๐Ÿ“„ License

MIT License โ€“ use responsibly.