This blog details research and analysis of an active campaign that exploits a critical unauthenticated remote code execution (RCE) vulnerability, CVE-2025-3248, that has been identified in Langflow versions prior to 1.3.0. Langflow is a Python-powered visual framework for building AI applications with over 70,000 GitHub stars, and its versions prior to 1.3.0 contains a flaw in its code validation mechanism that permits arbitrary code execution.
Unauthenticated attackers can exploit this vulnerability by crafting malicious POST requests to the /api/v1/validate/code endpoint. The malicious payload in our investigation was found embedded within argument defaults or decorators of a Python function definition. Since Langflow does not enforce input validation or sandboxing, these payloads are compiled and executed within the server’s context, leading to RCE.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
September 7, 2023
Today, CISA, Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023. CISA, FBI, and CNMF confirmed ...
- CISA Releases Four Industrial Control Systems Advisories
September 7, 2023
CISA released four Industrial Control Systems (ICS) advisories on September 7, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-250-01 Dover Fueling Solutions MAGLINK LX Console ICSA-23-250-02 Phoenix Contact TC ROUTER and TC CLOUD CLIENT Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
September 6, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery ...
- CISA Releases Two Industrial Control Systems Advisories
September 5, 2023
CISA released two Industrial Control Systems (ICS) advisories on September 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-248-01 Fujitsu Limited Real-time Video Transmission Gear IP series Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Rockwell Automation Integer Overflow Vulnerability
September 1, 2023
Rockwell Automation’s ThinManager is designed for managing thin clients, mobile devices, cameras, and industrial devices. Comprising both client and server components, the client facilitates device configuration while the server handles data transfer and client requests. To maintain data consistency across the system, ThinManager servers synchronize using messages sent via port TCP/2031. These messages, based on a ...
- CISA Releases Four Industrial Control Systems Advisories
August 31, 2023
CISA released four Industrial Control Systems (ICS) advisories on August 31, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-243-01 ARDEREG Sistemas SCADA ICSA-23-243-02 GE Digital CIMPLICITY Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency