Custom-Nmap-Scripts

Langflow-vuln-CVE-2025-3248.nse

GOAL: Detects and exploits CVE-2025-3248 unauthenticated remote code execution in Langflow instances (versions < 1.3.0).

The script first identifies Langflow web interface via a manual HTTP request. When Langflow is detected, the exploitation phase will try to execute Id command on the server to confirm the vulnerability.

References for the vulnerability:

https://horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
Langflow-vuln-cve-2025-3248.nse		Langflow-vuln-cve-2025-3248.nse
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Custom-Nmap-Scripts

Langflow-vuln-CVE-2025-3248.nse

About

Uh oh!

Releases

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Custom-Nmap-Scripts

Langflow-vuln-CVE-2025-3248.nse

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages