Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-57760

Опубликовано: 25 авг. 2025
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
Версия до 1.5.0 (исключая)
cpe:2.3:a:langflow:langflow:1.5.0:dev0:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev1:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev10:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev11:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev12:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev13:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev14:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev15:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev16:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev17:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev18:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev19:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev2:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev20:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev21:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev22:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev23:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev24:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev25:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev26:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev27:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev28:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev29:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev3:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev30:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev31:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev4:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev5:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev6:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev7:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev8:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev9:*:*:*:*:*:*

EPSS

Процентиль: 5%
0.0002
Низкий

8.8 High

CVSS3

Дефекты

CWE-269

Связанные уязвимости

github логотип

GHSA-4gv9-mp8m-592r

CVSS3: 8.8
github
6 месяцев назад

Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)

EPSS

Процентиль: 5%
0.0002
Низкий

8.8 High

CVSS3

Дефекты

CWE-269