CVE-2025-57760
25.08.2025, 17:15
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command `langflow superuser` to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.
| Vendor | Product | Version |
|---|---|---|
| langflow | langflow | 𝑥 < 1.5.0 |
| langflow | langflow | 1.5.0:dev0 |
| langflow | langflow | 1.5.0:dev1 |
| langflow | langflow | 1.5.0:dev10 |
| langflow | langflow | 1.5.0:dev11 |
| langflow | langflow | 1.5.0:dev12 |
| langflow | langflow | 1.5.0:dev13 |
| langflow | langflow | 1.5.0:dev14 |
| langflow | langflow | 1.5.0:dev15 |
| langflow | langflow | 1.5.0:dev16 |
| langflow | langflow | 1.5.0:dev17 |
| langflow | langflow | 1.5.0:dev18 |
| langflow | langflow | 1.5.0:dev19 |
| langflow | langflow | 1.5.0:dev2 |
| langflow | langflow | 1.5.0:dev20 |
| langflow | langflow | 1.5.0:dev21 |
| langflow | langflow | 1.5.0:dev22 |
| langflow | langflow | 1.5.0:dev23 |
| langflow | langflow | 1.5.0:dev24 |
| langflow | langflow | 1.5.0:dev25 |
| langflow | langflow | 1.5.0:dev26 |
| langflow | langflow | 1.5.0:dev27 |
| langflow | langflow | 1.5.0:dev28 |
| langflow | langflow | 1.5.0:dev29 |
| langflow | langflow | 1.5.0:dev3 |
| langflow | langflow | 1.5.0:dev30 |
| langflow | langflow | 1.5.0:dev31 |
| langflow | langflow | 1.5.0:dev4 |
| langflow | langflow | 1.5.0:dev5 |
| langflow | langflow | 1.5.0:dev6 |
| langflow | langflow | 1.5.0:dev7 |
| langflow | langflow | 1.5.0:dev8 |
| langflow | langflow | 1.5.0:dev9 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration