CVE-2025-57760

EPSS 0.01%
Veröffentlicht 25.08.2025 16:22:17
Zuletzt bearbeitet 03.09.2025 13:56:12
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Langflow ≫ Langflow Version < 1.5.0

Langflow ≫ Langflow Version1.5.0 Updatedev0

Langflow ≫ Langflow Version1.5.0 Updatedev1

Langflow ≫ Langflow Version1.5.0 Updatedev10

Langflow ≫ Langflow Version1.5.0 Updatedev11

Langflow ≫ Langflow Version1.5.0 Updatedev12

Langflow ≫ Langflow Version1.5.0 Updatedev13

Langflow ≫ Langflow Version1.5.0 Updatedev14

Langflow ≫ Langflow Version1.5.0 Updatedev15

Langflow ≫ Langflow Version1.5.0 Updatedev16

Langflow ≫ Langflow Version1.5.0 Updatedev17

Langflow ≫ Langflow Version1.5.0 Updatedev18

Langflow ≫ Langflow Version1.5.0 Updatedev19

Langflow ≫ Langflow Version1.5.0 Updatedev2

Langflow ≫ Langflow Version1.5.0 Updatedev20

Langflow ≫ Langflow Version1.5.0 Updatedev21

Langflow ≫ Langflow Version1.5.0 Updatedev22

Langflow ≫ Langflow Version1.5.0 Updatedev23

Langflow ≫ Langflow Version1.5.0 Updatedev24

Langflow ≫ Langflow Version1.5.0 Updatedev25

Langflow ≫ Langflow Version1.5.0 Updatedev26

Langflow ≫ Langflow Version1.5.0 Updatedev27

Langflow ≫ Langflow Version1.5.0 Updatedev28

Langflow ≫ Langflow Version1.5.0 Updatedev29

Langflow ≫ Langflow Version1.5.0 Updatedev3

Langflow ≫ Langflow Version1.5.0 Updatedev30

Langflow ≫ Langflow Version1.5.0 Updatedev31

Langflow ≫ Langflow Version1.5.0 Updatedev4

Langflow ≫ Langflow Version1.5.0 Updatedev5

Langflow ≫ Langflow Version1.5.0 Updatedev6

Langflow ≫ Langflow Version1.5.0 Updatedev7

Langflow ≫ Langflow Version1.5.0 Updatedev8

Langflow ≫ Langflow Version1.5.0 Updatedev9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.02

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r

Third Party Advisory

https://github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97

Patch

http://github.com/langflow-ai/langflow/pull/9152

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-57760

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-57760

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-57760

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-57760