Critical Langflow Flaw Added to CISA's Known Exploited Vulnerabilities Catalog

A critical security vulnerability affecting the open-source platform Langflow has been added to the catalog of known exploited vulnerabilities (KEV) by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) due to evidence of active exploitation. The vulnerability, listed under the number CVE-2025-3248, has a CVSS score of 9.8 out of 10.0. The flaw is described as a lack of a critical functionality in Langflow.