CVE-2025-3248

This exploit targets CVE-2025-3248 in Langflow <= 1.2.x, leveraging an unauthenticated API endpoint `/api/v1/validate/code` that improperly evaluates arbitrary Python code via `exec()`. The PoC sends a crafted payload to execute system commands and retrieves the output from the error response.

This exploit demonstrates a remote code execution vulnerability in Langflow versions prior to 1.3.0 by sending a crafted HTTP request to the '/api/v1/validate/code' endpoint, which executes arbitrary commands via Python's exec function.

The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script establishes a session, then sends a crafted JSON payload to execute the 'id' command, verifying RCE by checking for 'uid=' and 'gid=' in the response.

This repository contains a Python-based exploit for CVE-2025-3248, targeting a remote code execution vulnerability in Langflow via the `/api/v1/validate/code` endpoint. The exploit leverages dynamic `exec()` misuse to achieve unauthenticated RCE.

This repository contains a functional exploit for CVE-2025-3248, targeting a code injection vulnerability in Langflow's /api/v1/validate/code endpoint. The exploit sends a crafted HTTP request with a malicious payload to achieve remote code execution (RCE).

This repository contains a functional exploit for CVE-2025-3248, targeting Langflow applications. The exploit leverages a code injection vulnerability in the `/api/v1/validate/code` endpoint to execute arbitrary commands, demonstrated via a `whoami` payload.

This repository contains a functional Python-based exploit for CVE-2025-3248, targeting Langflow with multiple RCE methods including interactive shell, reverse shell, and command execution. The exploit includes advanced features like payload obfuscation, file transfer, and persistence mechanisms.

This repository contains a functional exploit for CVE-2025-3248, an unauthenticated RCE vulnerability in Langflow ≤ 1.3.0. The exploit leverages unsafe `exec()` usage in the `/api/v1/validate/code` endpoint to execute arbitrary Python code, including reverse shells and command injection.

The repository contains a scanner for CVE-2024-21762, a Fortinet SSL VPN vulnerability, which checks for the presence of the vulnerability by sending crafted HTTP requests. It includes Python scripts to test individual hosts or multiple hosts from a file.

This repository contains a functional Rust-based exploit for CVE-2025-3248, targeting an unauthenticated RCE vulnerability in Langflow's `/api/v1/validate/code` endpoint via unsanitized `exec()` usage. The PoC sends a crafted Python payload to execute arbitrary commands and extracts the output from the error response.

This repository contains a functional exploit for CVE-2025-3248, targeting a vulnerability in Langflow (version 1.2.0). The exploit leverages a remote code execution (RCE) flaw by sending a crafted payload to the '/api/v1/validate/code' endpoint, allowing arbitrary command execution.

This repository contains a functional exploit for CVE-2025-3248, targeting Langflow's `/api/v1/validate/code` endpoint to achieve unauthenticated remote code execution (RCE) via Python code injection. The exploit sends a crafted payload that executes arbitrary commands through `subprocess.check_output`.

This repository contains a functional Python exploit for CVE-2025-3248, demonstrating remote code execution (RCE) via a code injection vulnerability in a web application's API endpoint. The exploit constructs a malicious payload to execute arbitrary system commands through the `/api/v1/validate/code` interface.

This repository contains a scanner and exploit for CVE-2025-3248, an unauthenticated RCE vulnerability in Langflow AI. The scanner checks for vulnerability by executing a payload that reads /etc/passwd, while the exploit generates a reverse shell payload.

This is a functional Python exploit for CVE-2025-3248, targeting a remote code execution vulnerability in Langflow via the `/api/v1/validate/code` endpoint. The exploit injects a malicious Python function into the API, triggering command execution through `subprocess.check_output`.

This is a functional Python exploit for CVE-2025-3248, targeting Langflow instances with unauthenticated remote code execution via crafted HTTP requests to the `/api/v1/validate/code` endpoint. It supports both single-target and bulk scanning with custom command execution.

This repository contains a Python-based exploit for CVE-2025-3248, targeting an authenticated RCE vulnerability in Langflow. The exploit supports command execution and reverse shell functionality via a crafted API request.

The repository provides a detailed writeup for CVE-2025-3248, an arbitrary Python code execution vulnerability in Langflow versions up to 1.2.0. It describes the impact, affected versions, and references but does not include exploit code.

This exploit targets a code injection vulnerability in Langflow's /api/v1/validate/code endpoint, allowing unauthenticated remote code execution. It includes both a vulnerability scanner and a reverse shell payload for exploitation.

This repository contains a functional PoC for CVE-2025-3248, demonstrating remote code execution (RCE) via a vulnerable API endpoint in Langflow. The exploit leverages a code validation flaw to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2025-3248, targeting Langflow versions prior to 1.3.0. The exploit leverages unauthenticated code injection via the `/api/v1/validate/code` endpoint to execute arbitrary Python code, establishing a reverse shell.

This repository contains a functional Python exploit for CVE-2025-3248, targeting Langflow for remote code execution (RCE). The exploit leverages a code injection vulnerability in the `/api/v1/validate/code` endpoint, allowing arbitrary command execution via crafted payloads.

This repository contains a functional proof-of-concept exploit for CVE-2025-3248, a remote code execution vulnerability in Langflow versions prior to 1.3.0. The exploit leverages the /api/v1/validate/code endpoint to inject and execute arbitrary commands via crafted Python code.

This repository contains a functional proof-of-concept exploit for CVE-2025-3248, targeting Langflow versions prior to 1.3.0. The exploit leverages a code injection vulnerability in the /api/v1/validate/code endpoint to achieve remote code execution (RCE) without authentication.

This repository contains a Python-based scanner and exploit for CVE-2025-3248, targeting unauthenticated RCE in Langflow via the `/api/v1/validate/code` endpoint. The exploit abuses dynamic code evaluation to execute arbitrary shell commands.

The repository contains functional exploit code for CVE-2025-3248, targeting Langflow. The exploit demonstrates remote code execution (RCE) by leveraging a vulnerability in the software, with clear instructions and supporting Docker setup for testing.

This is a functional proof-of-concept exploit for CVE-2025-3248, targeting an unauthenticated remote code execution vulnerability in Langflow AI via the `/api/v1/validate/code` endpoint. It provides an interactive shell for executing arbitrary commands on the target system.

This PoC exploits CVE-2025-3248, a remote code execution vulnerability in Langflow API via code injection. It allows command execution and reverse shell establishment through a vulnerable API endpoint.

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Langflow AI versions prior to 1.3.0 via the /api/v1/validate/code endpoint. It sends a crafted HTTP request with a Python payload to achieve RCE.