High severity8.8NVD Advisory· Published Aug 25, 2025· Updated Jun 17, 2026
CVE-2025-57760
CVE-2025-57760
Description
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
langflowPyPI | < 1.5.1 | 1.5.1 |
langflow-basePyPI | < 0.5.1 | 0.5.1 |
Affected products
3- ghsa-coords2 versions
< 1.5.1+ 1 more
- (no CPE)range: < 1.5.1
- (no CPE)range: < 0.5.1
- Range: <= 1.5.0
Patches
Vulnerability mechanics
References
5- github.com/langflow-ai/langflow/pull/9152nvdPatch
- github.com/langflow-ai/langflow/commit/c188ec113c9ca46154ad01d0eded1754cc6bef97nvdPatchWEB
- github.com/advisories/GHSA-4gv9-mp8m-592rghsaADVISORY
- github.com/langflow-ai/langflow/security/advisories/GHSA-4gv9-mp8m-592rnvdThird Party AdvisoryWEB
- github.com/langflow-ai/langflow/pull/9152ghsaWEB
News mentions
0No linked articles in our index yet.