U.S. CISA Adds Langflow Flaw to Its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Langflow vulnerability, listed under the number CVE-2025-3248 with a CVSS score of 9.8, to its catalog of known exploited vulnerabilities (KEV). Langflow is a popular tool used to build agentic AI workflows. The vulnerability CVE-2025-3248 has been identified as being actively exploited.