This blog details research and analysis of an active campaign that exploits a critical unauthenticated remote code execution (RCE) vulnerability, CVE-2025-3248, that has been identified in Langflow versions prior to 1.3.0. Langflow is a Python-powered visual framework for building AI applications with over 70,000 GitHub stars, and its versions prior to 1.3.0 contains a flaw in its code validation mechanism that permits arbitrary code execution.
Unauthenticated attackers can exploit this vulnerability by crafting malicious POST requests to the /api/v1/validate/code endpoint. The malicious payload in our investigation was found embedded within argument defaults or decorators of a Python function definition. Since Langflow does not enforce input validation or sandboxing, these payloads are compiled and executed within the server’s context, leading to RCE.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- CISA Adds Eight Known Exploited Vulnerabilities to Catalog
September 18, 2023
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability CVE-2017-6884 Zyxel EMG2926 Routers Command Injection Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds One Known Vulnerability to Catalog
- Kuwait’s finance ministry says cyberattack hit one of its systems
September 18, 2023
Kuwait’s finance ministry said on Monday that one of its systems had suffered a cyberattack in the early morning but that the ministry continued to work normally. The ministry said in a statement that protection systems and procedures had been activated and “the level of the hacking attempt is being assessed.” Read more… Source: Alarabiya News
- CISA Releases Three Industrial Control Systems Advisories
September 12, 2023
CISA released three Industrial Control Systems (ICS) advisories on September 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-255-01 Hitachi Energy Lumada APM Edge ICSA-23-255-02 Fujitsu Software Infrastructure Manager Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Unusually low 5 critical vulnerabilities included in Microsoft September Patch Tuesday, along with two zero-days
September 12, 2023
Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates. However, there are two issues disclosed and patched this month that have already been exploited in the wild. Fifty-six of the vulnerabilities included in this month’s Patch ...
- Deleting Your Way Into SYSTEM: Why Arbitrary File Deletion Vulnerabilities Matter
September 11, 2023
Windows arbitrary file deletion vulnerabilities should no longer be considered mere annoyances or tools for Denial-of-Service (DoS) attacks. Over the past couple of years, these vulnerabilities have matured into potent threats capable of unearthing a portal to full system compromise. This transformation is exemplified in CVE-2023-27470 (an arbitrary file deletion vulnerability in N-Able’s Take Control Agent ...
- Apple fixes zero-day bugs used to plant Pegasus spyware
September 7, 2023
Apple released security updates on Thursday that patch two zero-day exploits — meaning hacking techniques that were unknown at the time Apple found out about them — used against a member of a civil society organization in Washington, D.C., according to the researchers who found the vulnerabilities. Citizen Lab, an internet watchdog group that investigates government ...