Langflow Missing Authentication Vulnerability

What is the Vulnerability?

A critical missing authentication vulnerability, tracked as CVE-2025-3248, has been discovered in Langflow, a web application for building AI-driven agents. Because the affected API endpoint performs no authentication check, a remote, unauthenticated attacker can execute arbitrary code on a vulnerable instance by sending it a single specially crafted HTTP request carrying a malicious payload.

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that this vulnerability is being exploited in the wild and has added it to its Known Exploited Vulnerabilities (KEV) catalog. Organizations running Langflow should treat remediation as urgent.

What is the recommended Mitigation?

Organizations using Langflow in their AI development workflows are advised to upgrade to version 1.3.0 or later:
https://github.com/langflow-ai/langflow/releases/tag/1.3.0

Until the upgrade is complete, a Langflow instance should not be reachable from untrusted networks, since the vulnerable endpoint can be triggered without credentials.

What FortiGuard Coverage is available?

Intrusion Prevention System (IPS): FortiGuard has released a signature to detect and block exploit attempts targeting CVE-2025-3248 (see Intrusion Prevention, FortiGuard Labs).

The FortiGuard Incident Response team is available to assist with any suspected compromise.
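To act on the mitigation above you first need to know which of your Langflow instances are still below the fixed release. The following triage helper is an added example written for this page; it is not FortiGuard or Langflow code. It assumes Langflow version strings follow the project's usual MAJOR.MINOR.PATCH form with an optional pre-release suffix, and the inventory it runs over is constructed sample data, not real hosts.

```python
"""Triage helper for CVE-2025-3248: flag Langflow instances that still run
a version older than the fixed release 1.3.0 named in the advisory.
Added example, not FortiGuard or Langflow code."""
import re

FIXED_VERSION = "1.3.0"  # fixed release per the advisory

# Constructed sample inventory of (hostname, reported Langflow version).
# These are not real hosts; replace with your own asset data.
INVENTORY = [
    ("langflow-prod-01", "1.2.0"),
    ("langflow-prod-02", "1.3.0"),
    ("langflow-dev", "1.3.0.dev3"),   # pre-release of 1.3.0 predates the fix
    ("langflow-lab", "1.1.4"),
    ("langflow-new", "1.4.2"),
]

# Assumed version format: MAJOR.MINOR.PATCH with an optional pre-release
# tag such as 1.3.0rc1 or 1.3.0.dev3 (PEP 440 style, simplified).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.?(dev|a|b|rc)(\d+))?$")

# A pre-release sorts before the final release of the same number.
_PRERELEASE_RANK = {"dev": 0, "a": 1, "b": 2, "rc": 3, None: 4}


def parse_version(version):
    """Turn a version string into a tuple that compares correctly.

    Raises ValueError for strings that do not match the assumed format so
    that an unparseable entry is surfaced rather than silently marked safe.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Langflow version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    tag, num = m.group(4), m.group(5)
    return (major, minor, patch, _PRERELEASE_RANK[tag], int(num) if num else 0)


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the instance runs anything older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory):
    """Return the hostnames that must be upgraded, in inventory order."""
    return [host for host, ver in inventory if is_vulnerable(ver)]


if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"UPGRADE REQUIRED: {host}")
```

The pre-release handling is deliberate: a build labelled 1.3.0.dev3 or 1.3.0rc1 predates the 1.3.0 release and should not be counted as patched. Unparseable version strings raise instead of being skipped, so a malformed inventory entry never disappears from the list of hosts needing attention.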

