POC details: 410ae675564dd88920a540e680bf704d2f6e358c

Source
Related vulnerability
Title: Langflow security vulnerability (CVE-2025-3248)
Description: Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Langflow versions prior to 1.3.0 contain a security vulnerability caused by a code injection flaw in the /api/v1/validate/code endpoint, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Description
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
Introduction
# ⚠️ Langflow RCE Exploit Scanner (CVE-2025-3248)

This Python-based scanner automates the detection of **unauthenticated Remote Code Execution (RCE)** vulnerabilities in Langflow instances via **CVE-2025-3248**. It uses a proof-of-concept payload that abuses the `/api/v1/validate/code` endpoint to execute arbitrary shell commands.

## 🚨 CVE Details

- **CVE**: CVE-2025-3248
- **Impact**: Unauthenticated Remote Code Execution
- **Component**: Langflow API (`/api/v1/validate/code`)
- **Exploit**: Injection via dynamic code evaluation
- **Risk**: Critical
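As an added defensive example (not code from this PoC or from the Langflow project): a small Python helper that (1) decides whether a reported Langflow version string falls in the affected range the advisory gives (anything older than 1.3.0) and (2) flags web-server access-log lines that reached the `/api/v1/validate/code` endpoint, so an operator can see which sources hit it and when. The sample log lines, the combined-log-format regex and the function names are all constructed assumptions for the example.

```python
"""
Added example for CVE-2025-3248 (not part of the original PoC or of Langflow).
Provides a version-range check and an access-log triage helper for the
/api/v1/validate/code endpoint named in the advisory.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

VULN_ENDPOINT = "/api/v1/validate/code"
FIXED_VERSION = (1, 3, 0)  # advisory: versions prior to 1.3.0 are affected


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.2.0', 'v1.3', ... into a numeric tuple.

    Any pre-release/build suffix (e.g. '1.3.0rc1' -> 1.3.0) is ignored; this
    is an assumption of the example, not something the advisory states.
    """
    core = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not core:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in core.group(1).split("."))


def is_vulnerable_version(version: str) -> bool:
    """True when the version is older than the fixed release 1.3.0."""
    parts = parse_version(version)
    padded = parts + (0,) * (3 - len(parts))  # '1.2' compares like 1.2.0
    return padded[:3] < FIXED_VERSION


# Constructed regex for the common "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_endpoint_hits(log_lines: List[str]) -> List[dict]:
    """Return one record per request whose path is the vulnerable endpoint.

    The query string is stripped before comparison so '/api/v1/validate/code?x=1'
    is still recognised. Lines that do not parse are skipped, not raised.
    """
    hits = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        path = match.group("path").split("?", 1)[0]
        if path == VULN_ENDPOINT:
            hits.append(
                {
                    "ip": match.group("ip"),
                    "ts": match.group("ts"),
                    "method": match.group("method"),
                    "status": int(match.group("status")),
                }
            )
    return hits


def hits_by_source(hits: List[dict]) -> Dict[str, int]:
    """Count endpoint hits per source address (useful for spotting sweeps)."""
    return dict(Counter(h["ip"] for h in hits))


# Constructed sample log: one ordinary API call, two hits on the endpoint
# from the same source, a health check and one unparseable line.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/May/2025:10:00:01 +0000] "GET /api/v1/flows HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/May/2025:10:00:07 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/May/2025:10:00:08 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 200 91',
    '10.0.0.6 - - [01/May/2025:10:00:12 +0000] "GET /health HTTP/1.1" 200 2',
    "this line is not in combined log format",
]

if __name__ == "__main__":
    for v in ("1.2.0", "1.3.0", "1.4.2"):
        print(f"Langflow {v}: {'affected' if is_vulnerable_version(v) else 'not affected'}")
    for hit in find_endpoint_hits(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} -> {hit['status']}")
    print(hits_by_source(find_endpoint_hits(SAMPLE_LOG)))
```

Run it as a script to see the version verdicts and the two flagged requests; in practice you would feed it your own access log and compare the version output of your deployed Langflow instance. Hits with a 200 status are the ones worth investigating first, since the endpoint answered rather than rejecting the request.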

## 🛠 Features

- 🔎 Batch scan multiple targets from a file
- ⚡️ Multi-threaded for fast performance
- ✅ Validates RCE by checking for expected command output (e.g., `uid=`)
- 📁 Outputs vulnerable targets to `vuln.txt`
- 🧱 Clean, modular code structure

## 📦 Requirements

- Python 3.x
- `requests` library

Install dependencies:
```
pip install requests
```
## 📂 Usage

1. Add targets (with or without `http(s)://`) to `targets.txt`, one per line:
```
http://example.com
192.168.1.100:7860
https://target.net
```

2. Run the script:
```
python3 scanner.py
```

3. Check `vuln.txt` for successful exploitation results:
```
http://vulnerable-target.com | uid=1000(user) gid=1000(user) groups=1000(user)
```


## ⚙️ Configuration

Modify the following values at the top of the script as needed:

- `COMMAND`: Shell command to execute (default: `id`)
- `EXPECTED_SUBSTRING`: Substring to confirm execution (default: `uid=`)
- `THREADS`: Number of concurrent threads (default: `20`)


## 🔒 Disclaimer

This tool is provided for educational and authorized security testing only. Unauthorized access to systems is illegal and unethical. You are solely responsible for your use of this code.

## 🙏 Credits

Exploit Author: ynsmroztas

Script Refactor: ill deed


## 📄 License

MIT License – use responsibly.
File snapshot

```
[4.0K] /data/pocs/410ae675564dd88920a540e680bf704d2f6e358c
├── [1.8K] README.md
└── [1.9K] scanner.py

0 directories, 2 files
```