Unauthenticated RCE in Langflow /api/v1/validate/code

This repository is a small standalone exploit PoC consisting of one Python script and one README. The main file, CVE-2025-3248.py, is a command-line exploit that targets a vulnerable web application's POST endpoint at /api/v1/validate/code. It validates a user-supplied base URL, appends the vulnerable path, and sends a JSON body containing a crafted Python payload. The payload imports os and abuses exec() inside a decorator expression to run os.popen() with an operator-controlled system command. The command output is wrapped in an exception so the result is likely reflected in the HTTP response, which the script prints in either text or JSON format. The exploit supports arbitrary command execution, configurable timeout, and verbose logging, making it an operational RCE tool rather than a simple detector. The README mirrors the code behavior, explains usage, gives example commands such as whoami and cat /etc/passwd, and describes the vulnerability as a Python code-injection issue in the same API endpoint. No framework affiliation, persistence, lateral movement, or post-exploitation automation is present; the repository is focused narrowly on single-shot remote command execution against a specific vulnerable API surface.

This repository contains a working exploit for CVE-2025-3248, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow (<= v1.3.0). The exploit is implemented in a single Python script (CVE-2025-3248.py) and is accompanied by a detailed README.md. The exploit works by sending a crafted POST request to the vulnerable Langflow endpoint (/api/v1/validate/code), embedding a Python payload that executes arbitrary shell commands via subprocess. The script supports targeting single or multiple URLs, optional proxying, and outputs the result of the executed command. No authentication is required, and the exploit is effective against any exposed, unpatched Langflow instance. The README provides technical details, usage instructions, and search dorks for finding vulnerable targets. The repository is operational and provides a real, working exploit for the specified CVE.

This repository is a proof-of-concept (PoC) exploit for CVE-2025-3248, a critical remote code execution (RCE) vulnerability in Langflow versions <= 1.3.0. The vulnerability arises from the /api/v1/validate/code endpoint, which executes user-supplied Python code without authentication or input sanitization. The exploit is implemented in Rust (src/main.rs) and allows the user to specify a target URL and a shell command to execute. The exploit crafts a malicious Python payload that is sent via a POST request to the vulnerable endpoint, resulting in arbitrary command execution on the server. The repository includes a Docker Compose file for setting up a vulnerable test environment and a README with detailed usage instructions and vulnerability background. The exploit is operational, providing direct command execution and output retrieval, and targets network-accessible Langflow instances exposing the vulnerable endpoint.

This repository contains an operational exploit for CVE-2025-3248, targeting Langflow versions prior to 1.3.0. The exploit leverages an unauthenticated code injection vulnerability in the '/api/v1/validate/code' endpoint, which uses Python's exec() function unsafely. The main exploit script, 'cve-2025-3248.py', takes as arguments the target URL, attacker's (C2) IP, and port. It crafts a malicious payload that, when sent to the vulnerable endpoint, causes the server to connect back to the attacker's machine and spawn a reverse shell. The repository includes a README with setup and usage instructions, a requirements.txt for dependencies, and standard project files. The exploit is not part of a framework and is a standalone Python script. The main attack vector is network-based, exploiting a remote API endpoint. The only fingerprintable endpoint is '/api/v1/validate/code'. The exploit is operational, providing a working reverse shell if the target is vulnerable and accessible.

This repository contains a proof-of-concept (PoC) exploit for CVE-2025-3248, a remote code execution (RCE) vulnerability in Langflow versions prior to 1.3.0. The exploit is implemented in a single Python script (CVE-2025-3248.py) and is accompanied by a README.md file with usage instructions and vulnerability details. The exploit targets the /api/v1/validate/code HTTP endpoint, sending a crafted payload that injects and executes arbitrary Python code on the server. The script takes two arguments: the target URL and the command to execute. If successful, it returns the output of the executed command. The repository is structured simply, with clear instructions for setting up a vulnerable environment using Docker and for running the exploit. The exploit is a functional PoC and does not include advanced features such as payload customization or post-exploitation modules.

This repository provides a proof-of-concept (PoC) exploit for CVE-2025-3248, a remote code execution (RCE) vulnerability in Langflow versions prior to 1.3.0. The main exploit script, CVE-2025-3248.py, sends a crafted POST request to the /api/v1/validate/code endpoint of a vulnerable Langflow instance, injecting Python code that executes arbitrary system commands via the subprocess module. The exploit is unauthenticated and works remotely over HTTP, targeting the default port 7860. The repository includes a Dockerfile and docker-compose.yml for setting up a vulnerable test environment, as well as a .env.example for configuration. The README.md provides usage instructions and background on the vulnerability. The exploit is functional and demonstrates the vulnerability, but is positioned as a PoC for educational and testing purposes.

This repository targets CVE-2025-3248, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow AI. It contains two main Python scripts: 1. LangflowCheck.py: A scanner that tests if a given Langflow AI instance is vulnerable by sending a payload to the /api/v1/validate/code endpoint. The payload attempts to read /etc/passwd, and the script checks the response for evidence of successful code execution. It supports scanning single or multiple targets and can output a list of vulnerable hosts. 2. exploit.py: An exploit script that sends a reverse shell payload to the same endpoint. The attacker specifies their own IP and port (lhost/lport), and the script attempts to connect back to the attacker's listener, providing a shell on the target system. The script includes logging and can verify if the attacker's listener is ready before sending the payload. The exploit is operational and provides a working reverse shell if the target is vulnerable. The main attack vector is network-based, targeting the exposed /api/v1/validate/code HTTP endpoint. The repository is well-structured, with clear separation between detection and exploitation scripts, and includes documentation in the README.md. No hardcoded IPs or domains are present; the scripts require user-supplied target and attacker information.

This repository contains a Python exploit script (Mass-CVE-2025-3248.py) and a README.md. The exploit targets CVE-2025-3248, a critical unauthenticated remote code execution vulnerability in Langflow versions prior to 1.3.0. The vulnerability exists in the '/api/v1/validate/code' API endpoint, which improperly executes user-supplied code. The script allows the user to specify a single target URL or a file containing multiple targets, and sends a crafted POST request to the vulnerable endpoint with a Python payload that executes arbitrary shell commands on the server. The output of the command is returned to the attacker. The exploit is operational, providing a working RCE payload, and is intended for use in penetration testing or vulnerability validation. The README provides usage instructions and highlights the critical nature of the vulnerability.

This repository provides a fully operational remote code execution (RCE) exploit for Langflow, targeting CVE-2025-3248. The main exploit script (exploit.py) is a Python 3 tool that interacts with the vulnerable Langflow API endpoint (/api/v1/validate/code) to inject and execute arbitrary Python code on the server. The exploit supports multiple modes: interactive shell, single command execution, reverse shell (with several payload methods), file upload/download (using base64 encoding), and persistence via cron jobs. It features payload obfuscation, header rotation for stealth, and session logging. The repository includes a README.md with detailed usage instructions, requirements.txt for dependencies, and output.txt (empty). The exploit is not part of a framework and is self-contained. The attack vector is network-based, requiring access to the target's HTTP(S) API. The exploit is mature (operational), providing real-world attack capabilities beyond a simple proof of concept.

This repository contains a Python exploit script (CVE-2025-3248.py) targeting a remote code execution (RCE) vulnerability in Langflow applications (CVE-2025-3248). The exploit abuses the /api/v1/validate/code API endpoint, which is accessible without authentication, to execute arbitrary system commands on the target server. The script allows the attacker to specify a single target URL or a list of targets, as well as the command to execute. It supports optional proxying (e.g., through Burp Suite) and provides colorized terminal output for clarity. The README provides usage instructions, affected endpoint details, and search dorks for finding vulnerable instances. The repository is well-structured, with a single exploit script, a README, a license, and a .gitignore. The exploit is operational and returns the output of executed commands, making it a practical tool for attackers or penetration testers.

This repository contains a proof-of-concept exploit for CVE-2025-3248, a critical unauthenticated remote code execution vulnerability in Langflow AI. The main exploit script (CVE-2025-3248.py) is a Python 3 tool that provides an interactive shell to the attacker, allowing arbitrary system commands to be executed on the target server. The exploit works by sending a specially crafted Python function to the /api/v1/validate/code endpoint, which is vulnerable to code injection. The script disables SSL verification for convenience and uses the requests and colorama libraries. The repository includes a README with usage instructions, a requirements.txt for dependencies, and a standard MIT license. No detection or fake code is present; this is a functional exploit PoC targeting a real vulnerability.

This repository contains a Python exploit script (CVE-2025-3248.py) and a README.md. The exploit targets Langflow instances vulnerable to CVE-2025-3248, which allows remote, unauthenticated attackers to execute arbitrary system commands via a crafted POST request to the /api/v1/validate/code endpoint. The script supports both single-target and bulk scanning modes, accepts custom commands for execution, and saves results (including command output and scan statistics) to timestamped files. The exploit works by injecting Python code that uses subprocess.check_output to run arbitrary shell commands on the server. The README provides usage instructions and example output. No hardcoded IPs or domains are present; the script is designed to be used against user-supplied targets. The main entry point is CVE-2025-3248.py, which implements all exploit logic.

This repository contains a working exploit for CVE-2025-3248, a remote code execution (RCE) vulnerability in the Langflow application. The exploit is implemented as a single Python script (langflow_rce_unauth.py) and is accompanied by a README.md with usage instructions and vulnerability details. The exploit targets the '/api/v1/validate/code' endpoint of a vulnerable Langflow instance, sending a specially crafted payload that leverages Python's exec() and subprocess modules to execute arbitrary shell commands on the server. No authentication is required, making this a critical unauthenticated RCE. The script provides colorized output and is easy to use, requiring only the target URL and the desired command. The repository is well-structured, with clear documentation and a single, focused exploit script.

This repository contains an operational exploit for CVE-2025-3248, targeting Langflow version 1.2.0. The main exploit script (exploit.py) is a Python 3 tool that requires valid admin credentials to authenticate to the target Langflow instance. Once authenticated, it abuses the /api/v1/validate/code API endpoint to execute arbitrary system commands or spawn a reverse shell on the target system. The script supports proxying requests (e.g., through Burp Suite) and can be used to either run a single command or establish a reverse shell to an attacker-controlled host and port. The repository also includes a Docker Compose file for deploying a vulnerable Langflow instance locally for testing. The exploit is not part of a framework and is a standalone operational tool. The main attack vector is network-based, requiring access to the target's web interface. Key endpoints include the authentication and code validation APIs. The exploit is well-documented and provides clear usage instructions.

This repository contains a functional exploit for CVE-2025-3248, targeting the Langflow API's /api/v1/validate/code endpoint. The main file, CVE-2025-3248.py, is a Python script that allows an attacker to perform remote code execution (RCE) by injecting malicious Python code via a POST request to the vulnerable API endpoint. The script provides an interactive CLI for the user to either execute arbitrary system commands or spawn a reverse shell on the target system. It handles retries if the endpoint is temporarily unavailable and disables SSL verification for convenience. The exploit is operational, providing real payloads for both command execution and reverse shell, and is not just a proof of concept. The README provides basic usage instructions and a disclaimer. No hardcoded IPs or domains are present; the target URL is supplied by the user at runtime.

This repository provides a working exploit for CVE-2025-3248, a critical remote code execution vulnerability in Langflow versions 0 through 1.2.0. The exploit is implemented in a single Python script ('exploit'), which targets the /api/v1/validate/code endpoint of a vulnerable Langflow server. The exploit works by sending a specially crafted payload that abuses unsafe code execution in the API, resulting in a reverse shell being established from the target server to the attacker's machine. The script includes logic to detect the correct protocol (HTTP/HTTPS), verify the existence of the vulnerable endpoint, and launch a listener for the reverse shell. The repository also contains a README.md with detailed vulnerability and usage information, and a Docker/setup file to help set up a vulnerable test environment. The exploit is operational and provides full remote code execution if the target is vulnerable and accessible.

This repository contains a functional exploit for CVE-2025-3248, targeting Langflow versions prior to 1.3.0. The exploit leverages a code injection vulnerability in the /api/v1/validate/code API endpoint, allowing a remote, unauthenticated attacker to execute arbitrary Python code on the server. The exploit script (exploit.py) first tests for vulnerability by sending a payload that attempts to execute the 'id' command. If the target is vulnerable, the user is prompted to proceed with exploitation, which involves sending a payload that establishes a reverse shell from the target to the attacker's specified IP and port. The repository consists of a README.md with usage instructions and background, and a single Python exploit script. The exploit is operational, providing a working reverse shell payload, and requires the attacker to set up a listener to receive the shell. The main fingerprintable endpoint is the /api/v1/validate/code API path.

This repository contains a working proof-of-concept exploit for CVE-2025-3248, a critical remote code execution vulnerability in Langflow versions prior to 1.3.0. The exploit is implemented in a single Python script (cve-2025-3248.py) and is accompanied by a README.md with usage instructions and background information. The exploit works by sending a crafted POST request to the /api/v1/validate/code endpoint of a vulnerable Langflow instance, injecting a Python function that executes an arbitrary shell command via subprocess. The output of the command is extracted from the error message in the JSON response. The exploit does not require authentication and can be used remotely, making it highly impactful. The repository is well-structured, with clear instructions and a single, focused exploit script. No hardcoded IPs or domains are present, but the targeted endpoint is clearly fingerprintable. The exploit is operational, providing real command execution and output retrieval, but is not part of a larger framework.

This repository provides a proof-of-concept (POC) exploit for CVE-2025-3248, targeting the 'Langflow' application. The main exploit is implemented in 'poc.py', which allows an attacker to execute arbitrary system commands on a vulnerable Langflow instance by sending a crafted Python payload to the '/api/v1/validate/code' API endpoint. The payload writes a message file to the target's filesystem and executes a shell command provided by the attacker, returning the output. The repository also includes 'patch.py', a script intended to 'patch' the vulnerability by overwriting the vulnerable function on the target system, also via code injection. The structure is straightforward, with two main Python scripts (exploit and patch), a README describing usage, and standard project files. The exploit demonstrates operational maturity, as it provides a working payload and clear instructions for use.

This repository is an operational exploit and scanner for CVE-2025-3248, a code execution vulnerability in Langflow (<=1.3.0). The main entry point is main.py, which provides a CLI for scanning single or multiple targets (using FOFA for mass discovery). The exploit works by sending a crafted Python payload to the /api/v1/validate/code endpoint, leveraging unsafe code execution to run arbitrary system commands. The tool includes built-in payloads for retrieving system information (uname -a) and reading /etc/passwd, and supports custom payloads via user-supplied Python files. The scanner can output user account and system details if exploitation is successful. The codebase is modular, with separate files for payload generation, FOFA integration, and display utilities. The README provides clear usage instructions, legal disclaimers, and references to the CVE and upstream Langflow project.