CVE-2025-57760

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

Configurations

Configuration 1

OR cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev0:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev1:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev10:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev11:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev12:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev13:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev14:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev15:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev16:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev17:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev18:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev19:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev2:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev20:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev21:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev22:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev23:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev24:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev25:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev26:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev27:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev28:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev29:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev3:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev30:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev31:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev4:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev5:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev6:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev7:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev8:*:*:*:*:*:*
cpe:2.3:a:langflow:langflow:1.5.0:dev9:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-25 17:15

Updated : 2025-09-03 13:56


NVD link : CVE-2025-57760

Mitre link : CVE-2025-57760

CVE.ORG link : CVE-2025-57760

Products Affected

langflow

  • langflow

CWE

CWE-269

Improper Privilege Management