CVE-2025-57760

Severity: High (CVSS 3.1 base score 8.8)
EPSS: 34.7%
Published: Aug 25, 2025
Last Modified: Jun 17, 2026

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

CVSS Details

Base Score: 8.8
Exploitability: 2.8
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 34.7% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-269: Improper Privilege Management (Authorization)

Affected Products 33

Vendor    Product   Version  Range
langflow  langflow  *        <1.5.0
langflow  langflow  1.5.0    any

References 3

  • http://github.com/langflow-ai/langflow/pull/9152 (Patch)
  • https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97 (Patch)
  • https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r (Third Party Advisory)

Remediation

  • http://github.com/langflow-ai/langflow/pull/9152 (Patch)
  • https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97 (Patch)