CISA Flags Actively Exploited Langflow CVE-2025-34291 Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Langflow, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation in the wild and prompting urgent remediation efforts across affected environments.
CVE-2025-34291 is an origin validation flaw impacting Langflow, a widely used framework for building and orchestrating AI-driven workflows. The issue is classified under CWE-346 (Origin Validation Error) and arises from a combination of overly permissive Cross-Origin Resource Sharing (CORS) policies and insecure cookie configurations.
Actively Exploited Langflow Flaw
According to CISA, Langflow improperly validates request origins, allowing untrusted domains to interact with backend services. This is compounded by refresh token cookies configured with SameSite=None, which instructs the browser to attach them to cross-site requests as well. The two weaknesses only matter together: SameSite=None gets the refresh cookie onto a request issued from an attacker-controlled page, and a CORS policy that accepts arbitrary origins while allowing credentials lets that page read the response, which is what turns a blind cross-site request into token theft.
The vulnerability enables attackers to exploit trust relationships between web domains through crafted cross-origin requests. Key technical characteristics include:
- Overly permissive CORS configuration that fails to restrict trusted origins.
- Improper origin validation mechanisms allowing unauthorized domain interaction.
- Refresh tokens stored in cookies with SameSite=None, exposing them to cross-site requests.
- Exploitation of authentication refresh endpoints to obtain valid session tokens.
An attacker can host a malicious webpage that silently issues cross-origin requests to a vulnerable Langflow instance. If a victim who is logged in to that instance loads the page, their browser includes the refresh token cookie, the instance mints a fresh access token, and the permissive CORS headers let the attacker's script read it out of the response. No click or other interaction beyond visiting the page is required.
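The chain above depends on two separate browser decisions going the attacker's way: whether the refresh cookie is attached to the cross-site request (governed by SameSite) and whether the attacker's page may read the response (governed by the CORS headers the server returns). The following simulation, added here as an example and not taken from Langflow or from CISA, models both decisions in plain Python and runs the permissive configuration described in the article beside a hardened one. The hostnames, the cookie name and the refresh endpoint path are assumptions; the wildcard-with-credentials case is modelled as origin reflection, which is the shape that makes such a policy exploitable, not a claim about Langflow's exact code.

```python
"""Simulated cross-site refresh-token theft (added example, not Langflow code).

Models two independent browser decisions: whether the refresh cookie is
attached to a cross-site fetch() (SameSite), and whether the page that issued
the fetch may read the response (CORS). Both must go the attacker's way for
the access token to leak. Endpoint path, hostnames and cookie name are assumed.
"""
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Cookie:
    name: str
    value: str
    samesite: str = "Lax"   # "Strict", "Lax" or "None"
    secure: bool = True


@dataclass
class CorsPolicy:
    allow_origins: list      # ["*"] or an explicit allowlist of origins
    allow_credentials: bool


def site(url: str) -> str:
    # Simplification: real browsers compare scheme + registrable domain.
    return urlparse(url).hostname or ""


def cookie_attached(cookie: Cookie, page_origin: str, target_url: str,
                    top_level_navigation: bool = False) -> bool:
    """Browser rule for attaching a cookie to a request initiated by page_origin."""
    if site(page_origin) == site(target_url):
        return True                                  # same-site: always sent
    if cookie.samesite == "Strict":
        return False
    if cookie.samesite == "Lax":
        return top_level_navigation                  # fetch() is never top-level
    # SameSite=None: sent cross-site, but only if Secure and over https
    return cookie.secure and urlparse(target_url).scheme == "https"


def cors_headers(policy: CorsPolicy, origin: str) -> dict:
    """Response headers a permissive-vs-strict CORS layer would emit.

    A wildcard policy that also allows credentials is modelled as reflecting
    the request's Origin: '*' is not valid with credentials, and an
    origin-reflecting server is the exploitable shape described above.
    """
    if "*" in policy.allow_origins:
        if policy.allow_credentials:
            return {"Access-Control-Allow-Origin": origin,
                    "Access-Control-Allow-Credentials": "true"}
        return {"Access-Control-Allow-Origin": "*"}
    if origin in policy.allow_origins:
        headers = {"Access-Control-Allow-Origin": origin}
        if policy.allow_credentials:
            headers["Access-Control-Allow-Credentials"] = "true"
        return headers
    return {}


def response_readable(headers: dict, origin: str, credentialed: bool) -> bool:
    """Whether the browser exposes the response body to the calling page."""
    acao = headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if credentialed:
        return acao == origin and headers.get("Access-Control-Allow-Credentials") == "true"
    return acao in ("*", origin)


def simulate_attack(policy: CorsPolicy, refresh_cookie: Cookie,
                    attacker_origin: str = "https://attacker.example",
                    target: str = "https://langflow.internal.example/api/v1/refresh") -> dict:
    """Attacker page runs fetch(target, {method: 'POST', credentials: 'include'})."""
    sent = cookie_attached(refresh_cookie, attacker_origin, target)
    # The server mints a new access token whenever a valid refresh cookie arrives,
    # regardless of CORS: CORS only governs what the browser lets the page read.
    minted = sent
    readable = minted and response_readable(cors_headers(policy, attacker_origin),
                                            attacker_origin, credentialed=True)
    return {"cookie_sent": sent, "token_minted": minted, "token_readable": readable}


# Constructed configurations: the permissive shape described above vs. a hardened one.
VULNERABLE = (CorsPolicy(allow_origins=["*"], allow_credentials=True),
              Cookie("refresh_token", "r1", samesite="None", secure=True))
HARDENED = (CorsPolicy(allow_origins=["https://langflow.internal.example"],
                       allow_credentials=True),
            Cookie("refresh_token", "r1", samesite="Lax", secure=True))

if __name__ == "__main__":
    print("vulnerable:", simulate_attack(*VULNERABLE))
    print("hardened:  ", simulate_attack(*HARDENED))
```

Running `simulate_attack` with the hardened CORS policy but the original SameSite=None cookie is the instructive middle case: the refresh request still arrives with a valid cookie and a token is still minted server-side, only the attacker's page cannot read it. Fixing CORS alone therefore stops the exfiltration but not the cross-site request itself; moving the cookie to SameSite=Lax or Strict is what keeps the request from carrying credentials in the first place.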
Successful exploitation of CVE-2025-34291 may lead to full account compromise and potential system-level access, depending on user privileges. Threat actors can leverage stolen tokens to interact with authenticated APIs and perform unauthorized operations.
Potential impacts include:
- Session hijacking and unauthorized account access.
- Exposure of sensitive workflows, configurations, and data.
- Execution of arbitrary actions within Langflow environments.
- Privilege escalation and lateral movement across infrastructure.
While CISA has not explicitly linked this vulnerability to ransomware campaigns, token theft and authentication bypass flaws are commonly used in post-exploitation stages.
The inclusion of CVE-2025-34291 in the KEV catalog confirms active exploitation and elevates its priority for remediation. Under Binding Operational Directive (BOD) 22-01, U.S. federal agencies are required to address this vulnerability by June 4, 2026.
Private sector organizations and security teams using Langflow are also strongly advised to take immediate action to mitigate risk.
Mitigation
CISA and security experts recommend the following measures:
- Apply vendor-provided patches or updates as soon as available.
- Restrict CORS policies to an explicit allowlist of trusted origins, and never pair a wildcard or reflected Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true.
- Configure cookies with secure attributes such as SameSite=Strict or SameSite=Lax, together with Secure and HttpOnly; a refresh token cookie should never be SameSite=None.
- Review authentication and session management mechanisms.
- Monitor logs for suspicious cross-origin requests and token abuse activity.
If mitigations or patches are not immediately available, organizations should consider temporarily disabling or isolating affected systems to prevent exploitation.
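The log-monitoring recommendation above is easier to act on with a concrete rule set. The sweep below is an added example, not CISA or Langflow tooling: it assumes a JSON-lines request log that records the Origin header (Langflow's default access log does not; the field names, the refresh endpoint path and the sample lines are all constructed) and applies two checks, a refresh request arriving with an Origin outside the allowlist, and one user's session being used from several client addresses inside a short window, which is the footprint a stolen access token leaves.

```python
"""Detection sweep for cross-origin refresh-token abuse (added example, not
CISA or Langflow tooling). Assumes a JSON-lines request log carrying the Origin
header; field names, the refresh path and the sample lines are constructed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

TRUSTED_ORIGINS = {"https://langflow.internal.example"}   # assumed allowlist
REFRESH_PATH = "/api/v1/refresh"                           # assumed endpoint path

# Constructed sample: one legitimate refresh, one cross-origin refresh that
# succeeded, then alice's session appearing from two new addresses.
SAMPLE_LOG = """\
{"ts": "2026-05-20T10:00:01Z", "ip": "10.0.0.5", "method": "POST", "path": "/api/v1/refresh", "origin": "https://langflow.internal.example", "status": 200, "user": "alice"}
{"ts": "2026-05-20T10:00:09Z", "ip": "10.0.0.5", "method": "POST", "path": "/api/v1/refresh", "origin": "https://evil.example", "status": 200, "user": "alice"}
{"ts": "2026-05-20T10:00:15Z", "ip": "203.0.113.7", "method": "GET", "path": "/api/v1/flows/", "origin": null, "status": 200, "user": "alice"}
{"ts": "2026-05-20T10:00:20Z", "ip": "198.51.100.9", "method": "GET", "path": "/api/v1/flows/", "origin": null, "status": 200, "user": "alice"}
{"ts": "2026-05-20T10:03:00Z", "ip": "10.0.0.8", "method": "POST", "path": "/api/v1/refresh", "origin": null, "status": 200, "user": "bob"}
"""


def parse_log(text: str) -> list:
    """Parse JSON lines into event dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def cross_origin_refreshes(events: list) -> list:
    """Refresh requests whose Origin header is present and not on the allowlist.

    A browser-initiated refresh from the legitimate UI carries the trusted
    origin; a successful one from anywhere else is the attack described above.
    """
    hits = []
    for e in events:
        if e["path"] != REFRESH_PATH:
            continue
        origin = e.get("origin")
        if origin and origin not in TRUSTED_ORIGINS:
            hits.append({"rule": "cross_origin_refresh", "user": e["user"],
                         "origin": origin, "ip": e["ip"],
                         "succeeded": e["status"] == 200,
                         "ts": e["ts"].isoformat()})
    return hits


def multi_ip_sessions(events: list, window: timedelta = timedelta(minutes=10),
                      threshold: int = 3) -> list:
    """One user active from `threshold` or more client addresses within `window`.

    A token minted through a cross-site refresh is replayed from the
    attacker's infrastructure, so the user's traffic fans out across addresses.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    hits = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            ips = {x["ip"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(ips) >= threshold:
                hits.append({"rule": "multi_ip_session", "user": user,
                             "ips": sorted(ips),
                             "window_start": start["ts"].isoformat()})
                break                                    # one alert per user
    return hits


def detect(log_text: str) -> list:
    """Run both rules over a log and return the combined alerts."""
    events = parse_log(log_text)
    return cross_origin_refreshes(events) + multi_ip_sessions(events)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

If the reverse proxy in front of Langflow does not log the Origin header, add it to the access-log format before relying on the first rule; the second rule works on any log that ties requests to an authenticated user, and its threshold should be tuned to how many addresses a legitimate user normally appears from (VPN exits and mobile clients inflate it).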
The discovery and active exploitation of CVE-2025-34291 underscore the growing risks associated with misconfigured CORS policies in modern web applications, particularly those handling authentication tokens.
As AI-driven platforms like Langflow become more integrated into enterprise workflows, ensuring strict origin validation and secure session handling is critical.
This development serves as a reminder for organizations to audit web application security configurations, enforce least-privilege access controls, and proactively address vulnerabilities that could expose authentication mechanisms to cross-origin attacks.