Security Advisory

CVE-2025-3248

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-07 14:22:38

Last updated 2025-11-29 02:05:33

Assigner VulnCheck

State PUBLISHED

Description

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

← Browse all CVEs View on cve.org ↗