Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates or overwrites a file at that path. There is no path restriction, normalization, or allowed-directory enforcement, so absolute paths (e.g., /etc/poc.txt) are used as-is. Version 1.7.0 fixes the issue.
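The missing control described above is an allowed-directory check before the file is written. The following is an added example, not Langflow's own code or its 1.7.0 fix; it assumes a hypothetical `base_dir` that the server designates as the only writable location and a hypothetical `save_flow` handler that takes the client-supplied `fs_path`.

```python
import json
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a client-supplied path escapes the allowed directory."""


def resolve_within(base_dir: Path, fs_path: str) -> Path:
    """Map a client-supplied fs_path onto a file inside base_dir.

    Absolute paths are rejected outright; the rest are joined onto base_dir,
    resolved (symlinks and '..' segments collapsed), and then checked to still
    lie under the resolved base directory.
    """
    candidate = Path(fs_path)
    if candidate.is_absolute():
        raise UnsafePathError(f"absolute path not allowed: {fs_path!r}")
    base = base_dir.resolve()
    target = (base / candidate).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise UnsafePathError(f"path escapes allowed directory: {fs_path!r}") from None
    if target == base:
        raise UnsafePathError("path must name a file, not the directory itself")
    return target


def save_flow(base_dir: Path, fs_path: str, flow: dict) -> Path:
    """Serialize a flow to JSON only at a validated location; return that path."""
    target = resolve_within(base_dir, fs_path)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(json.dumps(flow, indent=2))
    return target


def demo() -> dict:
    """Exercise the guard against constructed sample paths in a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        saved = save_flow(base, "flows/demo.json", {"name": "demo"})  # constructed flow
        results["saved_inside"] = saved.is_relative_to(base.resolve())
        results["roundtrip"] = json.loads(saved.read_text()) == {"name": "demo"}
        for bad in ("/etc/poc.txt", "../escape.json", "flows/../../escape.json", ""):
            try:
                resolve_within(base, bad)
                results[bad] = "allowed"
            except UnsafePathError:
                results[bad] = "rejected"
    return results
```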
Problem types
CWE-73: External Control of File Name or Path
Product status
References
github.com/...ngflow/security/advisories/GHSA-f43r-cc68-gpx4
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.