VulnFeed by Novadyne

CVE-2025-3248: Langflow code-validation RCE

CVE-2025-3248 (Langflow code-validation RCE) is an unauthenticated remote code execution (code injection) vulnerability in langflow (PyPI). As of 2026-06-18 it carries a very high 100.0% probability of exploitation in the next 30 days (EPSS). It is fixed in 1.3.0 — if you depend on an earlier version, upgrade.

Severity: Critical
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS (exploit probability, 30d): 100.0% · 100th percentile
Vulnerability type: Unauthenticated Remote Code Execution (code injection)
Affected package: langflow (PyPI)
Fixed in: 1.3.0

What is CVE-2025-3248?

Langflow, a popular Python framework for building AI agents and workflows, exposed an /api/v1/validate/code endpoint that passed user-supplied code to Python's exec() with no authentication or sandboxing. Because Python evaluates a function's decorators and default-argument expressions as soon as its definition statement executes, exec() of a submitted definition runs those expressions immediately, so a remote unauthenticated attacker could run arbitrary code with a single crafted HTTP request. It was added to CISA's Known Exploited Vulnerabilities catalog and was exploited in the wild to deploy the Flodrix botnet.
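As an added illustration (not code from this advisory or from the Langflow project), the constructed Python example below shows why passing submitted code to exec() to "validate" it is execution rather than validation, and contrasts it with a syntax-only check using ast.parse() plus a static listing of definition-time expressions. The _marker helper, the SIDE_EFFECTS list and SUBMITTED_CODE are assumptions built for this demo; the side effect is deliberately harmless.

```python
import ast

# Constructed demo input: a function whose decorator and default argument each
# record that they ran. Harmless here, but it shows that merely *defining* the
# function executes both expressions, which is what exec() does with a submitted def.
SIDE_EFFECTS = []

def _marker(tag):
    """Hypothetical helper: records that an expression ran; also a no-op decorator."""
    SIDE_EFFECTS.append(tag)
    return lambda f: f

SUBMITTED_CODE = """
@_marker("decorator ran")
def component(x=_marker("default ran")):
    return x
"""

def validate_with_exec(code):
    """The unsafe shape: exec() runs the module body, so decorator and
    default-argument expressions execute during 'validation'."""
    exec(code, {"_marker": _marker})
    return True

def validate_with_ast(code):
    """Hardened: ast.parse() checks syntax without executing anything."""
    try:
        ast.parse(code)
        return True
    except SyntaxError:
        return False

def definition_time_expressions(code):
    """Static check: expressions that run as soon as a def/class/lambda executes."""
    findings = []
    for node in ast.walk(ast.parse(code)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            findings += [f"decorator on line {d.lineno}" for d in node.decorator_list]
        elif isinstance(node, ast.arguments):
            defaults = node.defaults + [d for d in node.kw_defaults if d is not None]
            findings += [f"default value on line {d.lineno}" for d in defaults]
    return findings

def run_demo():
    """Side effects observed after AST-based validation vs. after exec()-based."""
    SIDE_EFFECTS.clear()
    validate_with_ast(SUBMITTED_CODE)
    after_ast = list(SIDE_EFFECTS)
    validate_with_exec(SUBMITTED_CODE)
    return after_ast, list(SIDE_EFFECTS)
```

run_demo() returns an empty list for the AST path and both markers for the exec() path, which is the whole difference between checking code and running it.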

Is CVE-2025-3248 exploitable?

CVE-2025-3248 has an EPSS score of 100.0% (100th percentile), meaning a very high 100.0% probability of exploitation in the next 30 days. Its CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which scores as Critical severity. It is an unauthenticated remote code execution (code injection) issue.

What is the EPSS score for CVE-2025-3248?

As of 2026-06-18, the EPSS exploit-prediction score for CVE-2025-3248 is 100.0% (100th percentile). EPSS estimates the probability that a vulnerability will be exploited in the wild within the next 30 days and is recomputed daily by FIRST.org.

How do I fix CVE-2025-3248?

Upgrade langflow to 1.3.0 or later.

Am I affected by CVE-2025-3248?

You are affected if your project (directly or transitively) depends on a vulnerable version of langflow in the PyPI ecosystem. Check your lockfile for the resolved version, or scan automatically with VulnFeed.

Check your own project automatically

Don't eyeball every dependency by hand. VulnFeed reads your lockfile, checks it against the same advisory data, and ranks findings by EPSS — free, no signup (10 scans/day):

curl -s https://vulnfeed-api.novadyne.ai/vulnscan/query \
  -H 'content-type: application/json' \
  -d '{"ecosystem":"npm","package":"PKG","version":"VERSION"}'

Or run it inside Claude Code with no API key — uvx vulnfeed-mcp — and just ask "scan this project for vulnerabilities."

Data sources: vulnerability metadata from OSV.dev and the National Vulnerability Database; exploit-probability (EPSS) from FIRST.org (recomputed daily; EPSS data shown here as of 2026-06-18). Page generated 2026-06-18.