FortiGuard Outbreak Alert: Langflow Unauth RCE Attack
| Description | FortiGuard Labs have observed exploitation attempts of CVE-2025-3248 in Langflow.
Langflow is a Python-based application that allows users to visually build AI agents and workflows.
CVE-2025-3248 is an authentication bypass flaw that enables unauthenticated attackers to remotely execute arbitrary Python code by sending a crafted HTTP request to the vulnerable endpoint.
The following versions of Langflow are vulnerable to CVE-2025-3248: |
| CVE ID | CVE-2025-3248 (https://nvd.nist.gov/vuln/detail/CVE-2025-3248) |
| NDR Cloud Detection Rule | FortiNDR Cloud v25.2b+ |
| Playbook | N/A |
| Threat Hunting | FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Langflow Unauth RCE Attack” related activities. IOC source: https://www.fortiguard.com/outbreak-ioc?tag=Langflow%20Unauth%20RCE All IOCs listed above have been added to Threat Intelligence Intel. |
| Suricata Coverage | Customers can create custom investigation/detections using the Suricata signatures below: 2061448 -> ET WEB_SPECIFIC_APPS Langflow AI Unauthenticated Remote Code Execution via Code Validation Endpoint (CVE-2025-3248) |
| Other Fortinet Products | For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to: https://www.fortiguard.com/outbreak-alert/langflow-unauth-rce |
