THREATOPS
THREAT OPSCVEs › CVE-2025-3248

CVE-2025-3248 — Langflow Missing Authentication Vulnerability

CISA KEVExploited: confirmedLangflow

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.

Vulnerability details

Related reporting