CVE-2025-68478

Published: Dec 19, 2025Modified: Jan 2, 2026

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Exploitability: 2.8 / Impact: 4.2

Source: security-advisories@github.com (Secondary)

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.

Affected (1)

Products: Langflow: Langflow

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Langflow Langflow	Before 1.7.0

Related CWEs

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (2)

https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.