THREAT OPS › CVEs › CVE-2025-3248
CVE-2025-3248 — Langflow Missing Authentication Vulnerability
Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.
Vulnerability details
- Affected productsLangflow
- KEV remediation due2025-05-26
Related reporting
- 13th July – Threat Intelligence Reportcheckpoint_research