Share
## https://sploitus.com/exploit?id=FE9EDBB6-A1BB-5694-A8D3-188529A65C31
# mitsec - CVE-2025-3248 Langflow RCE Exploit
Remote Code Execution (RCE) exploit for **Langflow** applications vulnerable to **CVE-2025-3248**.
> Affected Endpoint: `/api/v1/validate/code`
## ๐ Exploit Features
- Remote and unauthenticated RCE
- No authentication required
- Python3 one-liner script
- Colorized terminal output
## ๐ง Usage
```bash
python3 mitsec.py -u http://target:7860 -c "id"
```
## ๐งช Example Output
```bash
[+] Command Output:
uid=1001(langflow) gid=1001(langflow) groups=1001(langflow)
```
## ๐ง CVE Details
- **CVE**: CVE-2025-3248
- **Type**: Remote Code Execution (RCE)
- **Component**: Langflow backend
- **Condition**: Misuse of dynamic `exec()` in user-controlled code path
## ๐ ZoomEye Dork
```
app="Langflow"
```
## ๐งโ๐ป Author
- Twitter: [@ynsmroztas](https://twitter.com/ynsmroztas)
- GitHub: [@ynsmroztas](https://github.com/ynsmroztas)
## ๐ Disclaimer
> This tool is for **educational and authorized security testing** purposes only. Unauthorized use is prohibited.