CVE-2025-34291

8.8 HIGH

📋 TL;DR

This vulnerability in Langflow allows attackers to hijack user sessions through a CORS misconfiguration (a wildcard allowed origin combined with credentialed requests), leading to account takeover and remote code execution. A malicious website visited by an authenticated user can read the victim's refresh token from a cross-origin response and then use it to execute arbitrary code on the system. All Langflow deployments up to and including version 1.6.9 are affected.

💻 Affected Systems

Products:
  • Langflow
Versions: Up to and including version 1.6.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. The vulnerability requires the application to be running and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise where the attacker gains complete control over the Langflow instance, executes arbitrary code, accesses sensitive data, and potentially pivots to other systems.

🟠 Likely Case

Account takeover leading to unauthorized access to Langflow workflows, data exfiltration, and potential code execution within the application context.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting the Langflow application itself.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely via malicious websites targeting internet-facing Langflow instances.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable to attacks from compromised internal systems or malicious insiders.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a victim to visit a malicious website while authenticated to Langflow. The attack chain is well-documented in public advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.10 and later

Vendor Advisory: https://github.com/langflow-ai/langflow/security/advisories

Restart Required: Yes

Instructions:

1. Update Langflow to version 1.6.10 or later.
2. Restart the Langflow service.
3. Verify the CORS configuration now properly restricts origins.

🔧 Temporary Workarounds

Restrict CORS Origins (applies to: all platforms)

Manually configure CORS to only allow trusted origins instead of the wildcard (*):

  • Edit the Langflow configuration to set allow_origins to specific trusted domains instead of '*'
  • Set allow_credentials=False if possible

Network Segmentation (applies to: all platforms)

Restrict access to Langflow to trusted networks only:

  • Configure firewall rules to only allow access from trusted IP ranges
  • Use VPN or zero-trust access for remote users

🧯 If You Can't Patch

  • Isolate Langflow instance behind a reverse proxy that enforces proper CORS headers
  • Implement strict SameSite cookie policies and consider using HttpOnly flags for sensitive cookies

🔍 How to Verify

Check if Vulnerable:

Check Langflow version and inspect CORS configuration for allow_origins='*' with allow_credentials=True

Check Version:

langflow --version or check package version in Python: pip show langflow

Verify Fix Applied:

Verify version is 1.6.10+ and test that cross-origin requests with credentials are properly rejected
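Added example (not part of this page or of Langflow itself): a small Python check for the "Verify Fix Applied" step above. It classifies the CORS headers an instance returns to a request carrying an untrusted Origin, and can probe an instance you operate; the probe origin, the trusted-domain name and the sample header sets are assumptions constructed for the example.

```python
"""Classify CORS response headers for the allow_origins='*' +
allow_credentials=True misconfiguration. Header samples are constructed."""
import sys
from urllib.error import HTTPError
from urllib.request import Request, urlopen

PROBE_ORIGIN = "https://untrusted.example"  # placeholder: any origin you do not trust

def assess_cors(headers, probe_origin=PROBE_ORIGIN):
    """Classify the response to a request that carried 'Origin: probe_origin'.
    Returns 'vulnerable', 'open', 'restricted' or 'no-cors'."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "no-cors"            # browser blocks the cross-origin read
    # A literal wildcard, or the untrusted origin echoed back, combined with
    # credentials lets a foreign page read authenticated responses.
    if creds and acao in ("*", probe_origin):
        return "vulnerable"
    if acao in ("*", probe_origin):
        return "open"               # cross-origin reads allowed, but no session
    return "restricted"             # only a fixed, trusted origin is allowed

def probe(base_url, path="/api/v1/refresh", probe_origin=PROBE_ORIGIN):
    """Send one request with an untrusted Origin to an instance you operate."""
    req = Request(base_url.rstrip("/") + path, headers={"Origin": probe_origin})
    try:
        with urlopen(req, timeout=10) as resp:
            return assess_cors(resp.headers, probe_origin)
    except HTTPError as err:        # 401/405 replies still carry CORS headers
        return assess_cors(err.headers, probe_origin)

# Constructed header sets mimicking unpatched and patched deployments.
SAMPLES = {
    "wildcard": {"Access-Control-Allow-Origin": "*",
                 "Access-Control-Allow-Credentials": "true"},
    "echoed": {"Access-Control-Allow-Origin": PROBE_ORIGIN,
               "Access-Control-Allow-Credentials": "True"},
    "fixed": {"Access-Control-Allow-Origin": "https://langflow.internal.example",
              "Access-Control-Allow-Credentials": "true"},
}

def check_samples():
    """Classify each constructed sample; used when no target URL is given."""
    return {name: assess_cors(hdrs) for name, hdrs in SAMPLES.items()}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(probe(target) if target else check_samples())
```

Starlette-style CORS middleware, which Langflow is built on, echoes the request's Origin instead of sending a literal `*` when credentials are enabled, which is why the check treats both forms as vulnerable.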

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts from unusual origins
  • Unusual refresh token usage patterns
  • Code execution attempts from unexpected user accounts

Network Indicators:

  • Cross-origin requests to /api/v1/refresh endpoint
  • Requests with Origin headers from untrusted domains

SIEM Query:

source="langflow" AND (uri_path="/api/v1/refresh" OR status_code=401) | stats count by src_ip, user_agent
