CVE-2025-57760
📋 TL;DR
This privilege escalation vulnerability in Langflow allows authenticated users with RCE access to create new administrative accounts using the internal CLI command 'langflow superuser'. This affects all Langflow deployments where users can execute commands within containers, enabling regular users to gain full superuser privileges.
💻 Affected Systems
- Langflow
📦 What is this software?
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
Langflow by Langflow
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains complete administrative control over the Langflow instance, potentially compromising all workflows, AI agents, and sensitive data processed by the system.
Likely Case
Malicious or compromised regular users elevate their privileges to admin level, allowing them to modify workflows, access sensitive data, and potentially pivot to other systems.
If Mitigated
With proper access controls and container isolation, impact is limited to the specific container where exploitation occurs.
🎯 Exploit Status
Exploitation requires authenticated access and RCE capability within the container environment.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version containing commit c188ec113c9ca46154ad01d0eded1754cc6bef97
Vendor Advisory: https://github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592r
Restart Required: Yes
Instructions:
1. Update Langflow to version containing commit c188ec113c9ca46154ad01d0eded1754cc6bef97. 2. Restart all Langflow containers. 3. Verify the fix by checking that 'langflow superuser' command is no longer accessible to regular users.
🔧 Temporary Workarounds
Restrict container command execution
linuxPrevent users from executing arbitrary commands within Langflow containers
docker update --security-opt no-new-privileges langflow_container
kubectl patch deployment langflow -p '{"spec":{"template":{"spec":{"securityContext":{"allowPrivilegeEscalation":false}}}}}'
Implement network segmentation
allIsolate Langflow containers from sensitive systems and limit user access
🧯 If You Can't Patch
- Implement strict access controls to prevent regular users from obtaining RCE capabilities within containers
- Monitor for suspicious user activity and privilege escalation attempts using the detection indicators provided
🔍 How to Verify
Check if Vulnerable:
Attempt to execute 'langflow superuser' command as a regular authenticated user within a Langflow containerCheck Version:
langflow --versionVerify Fix Applied:
Verify that 'langflow superuser' command returns an error or is unavailable to non-admin users📡 Detection & Monitoring
Log Indicators:
- Log entries containing 'langflow superuser' command execution
- Unexpected user privilege changes
- New admin user creation events
Network Indicators:
- Unusual API calls to user management endpoints from non-admin accounts
SIEM Query:
source="langflow" AND ("superuser" OR "privilege escalation" OR "admin creation")