CVE-2025-57760 | THREATINT

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

PUBLISHED Reserved 2025-08-19 | Published 2025-08-25 | Updated 2025-08-25 | Assigner GitHub_M

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-269: Improper Privilege Management

Product status

<= 1.5.0

affected

References

github.com/...ngflow/security/advisories/GHSA-4gv9-mp8m-592r

github.com/...ommit/c188ec113c9ca46154ad01d0eded1754cc6bef97

github.com/langflow-ai/langflow/pull/9152

cve.org (CVE-2025-57760)

nvd.nist.gov (CVE-2025-57760)

Download JSON