## https://sploitus.com/exploit?id=SAINT:3AF34F968B88A1127459348F2C5877F2
Added: 04/11/2025
CVE: CVE-2025-3248
### Background
Langflow is a low-code tool for building AI agents and workflows.
### Problem
A command injection vulnerability in the `**/api/v1/validate/code**` API endpoint could allow a remote unauthenticated attacker to execute arbitrary commands by sending a specially crafted HTTP request.
### Resolution
Upgrade to Langflow 1.3.0 or higher.
### References
https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
### Platforms
Linux