MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-68478

🔴 HIGH

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow...

Published
Dec 19, 2025
Last Modified
Dec 23, 2025
Views
9
Bookmarks
0

Description

Request Expert Review

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.

CVSS Scores

CVSS 3.1 7.1
7.1
HIGH
CVSS 2.0 7.1

References

github.com github.com

Additional Information

Source
security-advisories@github.com
State
Undergoing analysis

Related CVEs

CVE-2025-67847

HIGH

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to ins...

Score: 8.8

CVE-2025-3839

HIGH

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be...

Score: 8.0

CVE-2025-15522

MEDIUM

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scrip...

Score: 6.4

CVE-2026-0796

HIGH

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...

Score: 7.2

CVE-2026-0795

HIGH

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitra...

Score: 7.2

CVE-2026-0794

HIGH

ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary cod...

Score: 8.1

Share CVE-2025-68478

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-68478 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis