CVE-2025-57760

EPSS 0.43%
Veröffentlicht 25.08.2025 16:22:17
Zuletzt bearbeitet 03.09.2025 13:56:12
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 33 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Langflow ≫ Langflow Version < 1.5.0

Langflow ≫ Langflow Version1.5.0 Updatedev0

Langflow ≫ Langflow Version1.5.0 Updatedev1

Langflow ≫ Langflow Version1.5.0 Updatedev10

Langflow ≫ Langflow Version1.5.0 Updatedev11

Langflow ≫ Langflow Version1.5.0 Updatedev12

Langflow ≫ Langflow Version1.5.0 Updatedev13

Langflow ≫ Langflow Version1.5.0 Updatedev14

Langflow ≫ Langflow Version1.5.0 Updatedev15

Langflow ≫ Langflow Version1.5.0 Updatedev16

Langflow ≫ Langflow Version1.5.0 Updatedev17

Langflow ≫ Langflow Version1.5.0 Updatedev18

Langflow ≫ Langflow Version1.5.0 Updatedev19

Langflow ≫ Langflow Version1.5.0 Updatedev2

Langflow ≫ Langflow Version1.5.0 Updatedev20

Langflow ≫ Langflow Version1.5.0 Updatedev21

Langflow ≫ Langflow Version1.5.0 Updatedev22

Langflow ≫ Langflow Version1.5.0 Updatedev23

Langflow ≫ Langflow Version1.5.0 Updatedev24

Langflow ≫ Langflow Version1.5.0 Updatedev25

Langflow ≫ Langflow Version1.5.0 Updatedev26

Langflow ≫ Langflow Version1.5.0 Updatedev27

Langflow ≫ Langflow Version1.5.0 Updatedev28

Langflow ≫ Langflow Version1.5.0 Updatedev29

Langflow ≫ Langflow Version1.5.0 Updatedev3

Langflow ≫ Langflow Version1.5.0 Updatedev30

Langflow ≫ Langflow Version1.5.0 Updatedev31

Langflow ≫ Langflow Version1.5.0 Updatedev4

Langflow ≫ Langflow Version1.5.0 Updatedev5

Langflow ≫ Langflow Version1.5.0 Updatedev6

Langflow ≫ Langflow Version1.5.0 Updatedev7

Langflow ≫ Langflow Version1.5.0 Updatedev8

Langflow ≫ Langflow Version1.5.0 Updatedev9

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.344

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r

Third Party Advisory

https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97

Patch

http://github.com/langflow-ai/langflow/pull/9152

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-57760

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-57760

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-57760

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-57760