<ul><li>Langflow versions prior to 1.3.0 are vulnerable to code injection in the /api/v1/validate/code endpoint.</li><li>Remote and unauthenticated attackers can exploit this vulnerability by sending crafted HTTP requests to execute arbitrary code.</li><li>A Proof of Concept (POC) tool has been developed for educational and ethical testing purposes to demonstrate the vulnerability.</li><li>It is important to use this tool responsibly and with proper consent, as unauthorized usage can be illegal and result in liability for the user.</li></ul>

POC - Remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code - CVE-2025-3248

Discover more