Covered by FixVibe · Severity: critical

Langflow CORS Misconfiguration Enables Account Takeover and RCE (CVE-2025-34291)

GitHub, NVD, and CISA describe CVE-2025-34291 as a critical Langflow CORS issue affecting versions 1.6.9 and earlier. FixVibe covers it with a verified-target check that combines Langflow version and fingerprint evidence with credentialed CORS header reflection, without authenticating, reading tokens, triggering refresh flows, or proving code execution.

CVE-2025-34291 · GHSA-577h-p2hh-v4mv · CWE-346

Attacker Impact

GitHub Advisory Database describes CVE-2025-34291 as a Langflow CORS issue where an authenticated user's browser can make credentialed cross-origin requests to an affected Langflow instance [S1]. In the vulnerable conditions, a malicious site visited by a signed-in user may be able to reach authenticated Langflow API behavior, including token-refresh behavior and API actions that can expose sensitive workspace capabilities [S1]. NVD maps the issue to CWE-346 and records critical/high scoring for the advisory, while CISA lists the CVE in the Known Exploited Vulnerabilities catalog [S2][S3].

Affected Configurations

The affected range is Langflow 1.6.9 and earlier, with Langflow 1.7.0 listed as the fixed release [S1]. The risk is highest when Langflow is reachable from a user's browser, the API reflects untrusted origins, credentials are allowed in CORS responses, and users keep active authenticated sessions. Public exposure, reverse-proxy CORS overrides, and stored AI/API credentials can increase the operational impact [S1][S2].

Concrete Fixes

  • Upgrade Langflow to 1.7.0 or newer, then restart the running service, worker, container, or package that actually serves traffic [S1].
  • Configure Langflow and any reverse proxy with an explicit trusted-origin CORS allowlist. Do not reflect arbitrary Origin values while Access-Control-Allow-Credentials is true [S1].
  • Keep Langflow behind authentication, VPN, SSO, or trusted-network access unless public exposure is explicitly required and reviewed [S2].
  • Review sessions, tokens, workspace secrets, and access logs if an affected instance was reachable from untrusted networks [S3].
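The second fix above is the one that actually closes the cross-origin hole, so here is the misconfigured policy beside the allowlisted one. This is an added illustrative example, not Langflow's code or FixVibe's; it models CORS response-header logic over plain dicts so it runs offline, and the origins in it are constructed sample values.

```python
"""Illustrative CORS origin policy (constructed example, not Langflow's code):
the reflect-any-Origin-with-credentials anti-pattern beside an explicit
trusted-origin allowlist. Request and response headers are plain dicts."""
from typing import Mapping
from urllib.parse import urlsplit


def is_well_formed_origin(origin: str) -> bool:
    """An Origin header value is scheme://host[:port] with no path, query or fragment."""
    try:
        parts = urlsplit(origin)
    except ValueError:
        return False
    return (
        parts.scheme in ("http", "https")
        and bool(parts.netloc)
        and parts.path == ""
        and not parts.query
        and not parts.fragment
    )


def reflecting_cors_headers(request_headers: Mapping[str, str]) -> dict:
    """MISCONFIGURED pattern: echo whatever Origin arrived and also allow credentials.
    Any site a signed-in user visits can then make cookie-bearing API calls and
    read the responses, which is the condition CWE-346 describes."""
    origin = request_headers.get("origin")
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def allowlist_cors_headers(request_headers: Mapping[str, str],
                           allowed_origins: frozenset) -> dict:
    """HARDENED pattern: only an exact-match trusted origin gets CORS headers.
    Exact match matters: prefix/suffix or substring checks against the hostname
    are a common way an allowlist silently turns back into reflection."""
    origin = request_headers.get("origin")
    if origin is None or not is_well_formed_origin(origin):
        return {}
    if origin not in allowed_origins:
        return {}  # no ACAO header at all: the browser blocks the cross-origin read
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # caches must key on Origin once ACAO varies per request
    }


# Constructed allowlist for a hypothetical deployment.
TRUSTED_ORIGINS = frozenset({"https://app.example"})

if __name__ == "__main__":
    for req in ({"origin": "https://third-party.example"}, {"origin": "https://app.example"}):
        print(req["origin"], "->", reflecting_cors_headers(req), allowlist_cors_headers(req, TRUSTED_ORIGINS))
```

When reviewing a reverse proxy in front of Langflow, apply the same test: if the proxy adds `Access-Control-Allow-Origin: $http_origin` together with `Access-Control-Allow-Credentials: true`, it has reintroduced the reflecting form regardless of what the application itself sends.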

Covered by FixVibe

FixVibe verified active scans can report this issue when a verified target exposes target-specific Langflow version/fingerprint evidence for an affected release and a benign API CORS probe reflects a FixVibe test origin while allowing credentials. The check is bounded to HTTP headers and version/fingerprint evidence: it does not authenticate to Langflow, read tokens, trigger a browser refresh-token flow, verify a SameSite=None refresh cookie, submit state-changing API requests, execute code, or prove account takeover/RCE. Findings include source quality, affected and fixed versions, observed CORS headers, and remediation guidance [S1][S2][S3].
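The bounded check described above reduces to two pieces of evidence: a version in the affected range and a probe response that reflects the test origin while allowing credentials. The following is an added example of that header-only evaluation, written for this page and not FixVibe's scanner or Langflow's code; it operates on captured header dicts, sends no requests, and uses a constructed probe origin and a constructed sample response. The only page-derived value is the fixed release 1.7.0.

```python
"""Header-only evidence check (constructed example, not FixVibe's scanner):
given an observed Langflow version string and the response headers from a
single benign CORS probe, decide whether both evidence conditions hold."""
import re
from typing import Mapping, Optional, Tuple

FIXED_VERSION: Tuple[int, int, int] = (1, 7, 0)   # advisory: 1.7.0 is the fixed release
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """'1.6.9' -> (1, 6, 9); pre-release/build suffixes are ignored; None if unparseable."""
    m = _VERSION_RE.match(text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def version_is_affected(text: str) -> Optional[bool]:
    """True for anything below the fixed release; None when no version is recoverable."""
    v = parse_version(text)
    return None if v is None else v < FIXED_VERSION


def lower_headers(headers: Mapping[str, str]) -> dict:
    """HTTP header names are case-insensitive; normalise before comparing."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def credentialed_reflection(headers: Mapping[str, str], probe_origin: str) -> bool:
    """True only if ACAO echoes the probe origin exactly AND credentials are allowed.
    A wildcard '*' is deliberately not counted: browsers refuse credentialed
    requests against '*', so it is not the reflection condition."""
    h = lower_headers(headers)
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    return acao == probe_origin and creds


def assess(version_text: str, probe_origin: str, response_headers: Mapping[str, str]) -> dict:
    """Combine both evidence sources into a finding-style record."""
    affected = version_is_affected(version_text)
    reflected = credentialed_reflection(response_headers, probe_origin)
    observed = {k: v for k, v in lower_headers(response_headers).items()
                if k.startswith("access-control-")}
    return {
        "version": version_text,
        "version_affected": affected,
        "credentialed_reflection": reflected,
        "report": bool(affected) and reflected,   # both conditions required
        "observed_cors_headers": observed,
    }


# Constructed probe origin (.invalid never resolves) and a constructed probe response.
PROBE_ORIGIN = "https://cors-probe.invalid"
SAMPLE_RESPONSE = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "https://cors-probe.invalid",
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
}

if __name__ == "__main__":
    print(assess("1.6.9", PROBE_ORIGIN, SAMPLE_RESPONSE))
```

Requiring both conditions is what keeps the check honest: an allowlisted deployment of 1.6.9 does not reflect the probe origin and is not reported, and a 1.7.0 instance behind a proxy that reflects origins is flagged as a CORS misconfiguration by the second condition alone rather than as this CVE.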
