AI Threat Alert

CVE-2025-57760

GHSA-4gv9-mp8m-592r HIGH
Published August 25, 2025

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
langflow pip <= 1.5.0 1.5.1
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow pip No patch
langflow-base pip <= 0.5.0 0.5.1

Severity & Risk

CVSS 3.1
8.8 / 10
EPSS
0.0%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update langflow to version 1.5.1

Update langflow-base to version 0.5.1

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

Weaknesses (CWE)

CWE-269 Improper Privilege Management Primary CWE-269

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Timeline

Published
August 25, 2025
Last Modified
December 18, 2025
First Seen
August 25, 2025
Back to Threat Feed