
Commit a8d86b3

author
jenkins-metasploit
committed
automatic module_metadata_base.json update
1 parent 140b93e commit a8d86b3


1 file changed

+59
-0
lines changed


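--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -96316,6 +96316,65 @@
 "session_types": false,
 "needs_cleanup": true
 },
+"exploit_multi/http/langflow_unauth_rce_cve_2025_3248": {
+"name": "Langflow AI RCE",
+"fullname": "exploit/multi/http/langflow_unauth_rce_cve_2025_3248",
+"aliases": [],
+"rank": 600,
+"disclosure_date": "2025-04-09",
+"type": "exploit",
+"author": [
+"Naveen Sunkavally (Horizon3.ai)",
+"Takahiro Yokoyama"
+],
+"description": "Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint.\n A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.",
+"references": [
+"CVE-2025-3248",
+"URL-https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/"
+],
+"platform": "Python",
+"arch": "python",
+"rport": 7860,
+"autofilter_ports": [
+80,
+8080,
+443,
+8000,
+8888,
+8880,
+8008,
+3000,
+8443
+],
+"autofilter_services": [
+"http",
+"https"
+],
+"targets": [
+"Python payload"
+],
+"mod_time": "2025-04-12 09:33:54 +0000",
+"path": "/modules/exploits/multi/http/langflow_unauth_rce_cve_2025_3248.rb",
+"is_install_path": true,
+"ref_name": "multi/http/langflow_unauth_rce_cve_2025_3248",
+"check": true,
+"post_auth": false,
+"default_credential": false,
+"notes": {
+"Stability": [
+"crash-safe"
+],
+"SideEffects": [
+"artifacts-on-disk",
+"ioc-in-logs"
+],
+"Reliability": [
+"repeatable-session"
+]
+},
+"session_types": false,
+"needs_cleanup": null
+},
 "exploit_multi/http/lcms_php_exec": {
 "name": "LotusCMS 3.0 eval() Remote Command Execution",
 "fullname": "exploit/multi/http/lcms_php_exec",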
