A critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score of 9.8, has been uncovered in Langflow, an open-source platform widely used for visually designing AI-driven agents and workflows.
This flaw, residing in the platform’s /api/v1/validate/code endpoint, poses a significant risk to organizations leveraging Langflow in their AI development ecosystems.
https://gbhackers.com/critical-langflow ... injection/