Langflow AI agent platform hit by critical unauthenticated RCE flaws

Apr 2025

Multiple critical vulnerabilities in Langflow, an open-source AI agent and workflow platform with 140K+ GitHub stars, allowed unauthenticated remote code execution. CVE-2025-3248 (CVSS 9.8) exploited Python exec() on user input without auth, while CVE-2025-34291 (CVSS 9.4) enabled account takeover and RCE simply by having a user visit a malicious webpage, exposing all stored API keys and credentials.

Incident Details

Perpetrator:AI agent platform

Severity:Catastrophic

Blast Radius:All Langflow instances prior to 1.3.0 (millions of users); exposure of stored API keys, database passwords, and service tokens across integrated services

Tech Stack

LangflowPythonFastAPI

References

Horizon3.ai: Unsafe at Any Speed - Unauth RCE in Langflow AI ↗Zscaler: CVE-2025-3248 RCE vulnerability in Langflow ↗Obsidian Security: CVE-2025-34291 Critical Account Takeover and RCE ↗