## https://sploitus.com/exploit?id=SAINT:1E950A358C38AD848B347A0F0E39326A
Added: 04/11/2025  
CVE: CVE-2025-3248  


### Background

Langflow is a low-code tool for building AI agents and workflows. 

### Problem

A command injection vulnerability in the `/api/v1/validate/code` API endpoint could allow a remote unauthenticated attacker to execute arbitrary commands by sending a specially crafted HTTP request.

### Resolution

Upgrade to Langflow 1.3.0 or higher. 
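
For triage alongside the upgrade, the following added example (not part of the advisory or of Langflow) scans access-log lines for requests to the endpoint named above, so that hits from unexpected clients on a pre-1.3.0 instance can be investigated. It assumes a reverse proxy writing common/combined log format; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the advisory.
VULN_PATH = "/api/v1/validate/code"

# Common/combined access-log format (assumption about the proxy in front of Langflow).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop query/fragment, percent-decode, collapse '//' and strip a trailing '/'."""
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])
    path = re.sub(r"/{2,}", "/", path)
    return path.rstrip("/") or "/"

def find_hits(lines):
    """Return {client_ip: [(timestamp, method, status), ...]} for requests to VULN_PATH."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        # Any HTTP method is reported; the status shows whether the request was served.
        if m and normalize_path(m["target"]) == VULN_PATH:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Apr/2025:03:14:07 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 412 "-" "python-requests/2.31"',
    '192.0.2.10 - - [12/Apr/2025:03:15:00 +0000] "GET /api/v1/flows/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Apr/2025:03:14:09 +0000] "POST //api/v1/validate/code/?x=1 HTTP/1.1" 200 388 "-" "python-requests/2.31"',
    '203.0.113.44 - - [12/Apr/2025:04:02:31 +0000] "POST /api/v1/validate%2Fcode HTTP/1.1" 403 0 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for ip, reqs in find_hits(SAMPLE_LOG).items():
        for ts, method, status in reqs:
            print(f"{ts} {ip} {method} {VULN_PATH} -> {status}")
```

Path normalization deliberately over-matches (encoded and doubled slashes are flagged even if the server would not route them), which is the safer default for log review.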

### References

https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/   


### Platforms

Linux