CVE-2025-34291

Langflow · Langflow

Langflow contains an origin validation error that, when chained with other flaws, enables unauthenticated remote code execution and full account takeover.

Executive summary

Langflow is affected by a critical origin validation vulnerability, currently exploited by advanced persistent threat groups to gain initial access to networks.

Vulnerability

This vulnerability involves a combination of permissive CORS, missing CSRF protection, and an endpoint designed for code execution. It allows an unauthenticated attacker to take over accounts and execute arbitrary code on the host system.

Business impact

With a CVSS score of 9.5, this vulnerability is critical. Successful exploitation provides attackers with full access to the Langflow instance, including sensitive API keys and access tokens. This creates a high risk of lateral movement and cascading compromise of downstream services and integrated cloud infrastructure.

Remediation

Immediate Action: Update Langflow to a version later than 1.6.9, which implements necessary authentication requirements on the vulnerable endpoint.

Proactive Monitoring: Monitor access logs for unauthorized attempts to access API endpoints and inspect the environment for unexpected code execution or container activity.

Compensating Controls: Isolate the Langflow instance behind a VPN or Zero Trust access gateway and strictly limit CORS configurations to trusted origins.

Exploitation status

Public Exploit Available: True

Analyst recommendation

Given the active exploitation by state-sponsored actors, immediate patching is required. The ability for an attacker to gain RCE and extract sensitive credentials makes this a high-priority risk that requires urgent attention to prevent full network compromise.