Do Son 
A critical vulnerability in Langflow—a platform designed for visual construction of LLM chains—is actively being exploited by malicious actors. Identified as CVE-2025-3248, the flaw has received a CVSS score of 9.8, placing it near the highest level of severity.
The vulnerability stems from a lack of authentication on the /api/v1/validate/code endpoint, which enables remote attackers to execute arbitrary code via specially crafted HTTP requests. Internally, the Python exec() function is invoked directly on user input without any protective measures—no authentication, no sandboxing. This creates a direct pathway for adversaries to seize control of the server.
The flaw affects nearly all versions of Langflow, with the sole exception being version 1.3.0, released on March 31, 2025, which implements safeguards to neutralize the dangerous mechanism. Although the vulnerability was first disclosed in February, the situation escalated on April 9 when a fully functional proof-of-concept exploit was made publicly available.
According to Censys data, there are currently 466 exposed Langflow instances accessible on the internet, with the majority located in the United States, Germany, Singapore, India, and China. The identity and objectives of the attackers remain unknown, but the scale of the threat is a cause for serious concern.
Experts at Zscaler emphasize that CVE-2025-3248 starkly illustrates the perils of executing user-supplied code without robust authentication and isolation. The convenience of on-the-fly code validation—particularly in publicly accessible web applications—demands a cautious and well-architected approach.
Langflow, an open-source platform widely embraced in the AI community, allows users to visually orchestrate text and query processing pipelines using language models. Ironically, the vulnerability strikes at the very core of its user-friendly logic, turning convenience into a weapon in the hands of adversaries.
This incident serves as a sobering reminder of the architectural diligence required when developing systems that interact with executable code, and underscores the imperative of adopting proven security best practices.
