Integsec
Critical CVE-2025-34291 in Langflow AI Agent Under Active Exploitation
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
CVE-2025-34291 is a critical vulnerability affecting Langflow, an open-source AI agent platform, allowing attackers to take over accounts and execute arbitrary code. Disclosed on December 5, 2025, this vulnerability has a CVSS v4.0 score of 9.4, indicating severe risk. It affects versions 1.6.9 and earlier, particularly impacting organizations handling sensitive data. Attackers exploit this vulnerability through an overly permissive CORS configuration combined with misconfigured authentication cookies. As of May 21, 2026, it has been added to CISA's Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Organizations using Langflow are urged to update to the latest version immediately to mitigate risks.
Key Points: • CVE-2025-34291 allows account takeover and arbitrary code execution in Langflow. • The vulnerability affects Langflow versions 1.6.9 and earlier, posing a severe risk to organizations. • Active exploitation has been confirmed, with urgent updates recommended for affected users.