CVE-2025-57760

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-57760
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57760.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-57760
Aliases
Published
2025-08-25T16:22:17.772Z
Modified
2026-04-10T05:40:32.021263Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation
Details

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-269"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57760.json"
}
References

Affected packages

Git / github.com/langflow-ai/langflow

Affected ranges

Type
GIT
Repo
http://github.com/langflow-ai/langflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9ad92eaeaa935db67deca300c40ed0dffea39131
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0"
        }
    ]
}

Affected versions

1.*
1.1.2
1.1.3
1.1.4
1.2.0
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.2
1.5.0
v0.*
v0.0.31
v0.0.69
v0.0.70
v0.0.71
v0.0.72
v0.0.73
v0.0.74
v0.0.75
v0.0.76
v0.0.77
v0.0.78
v0.0.79
v0.0.80
v0.0.81
v0.0.82
v0.0.83
v0.0.84
v0.0.85
v0.0.86
v0.0.87
v0.0.88
v0.0.89
v0.1.0
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.4.10
v0.4.11
v0.4.12
v0.4.14
v0.4.15
v0.4.16
v0.4.17
v0.4.18
v0.4.19
v0.4.2
v0.4.20
v0.4.21
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.0a0
v0.5.0a1
v0.5.0a2
v0.5.0a3
v0.5.0a4
v0.5.0a5
v0.5.0a6
v0.5.0b0
v0.5.0b2
v0.5.0b3
v0.5.0b4
v0.5.0b5
v0.5.0b6
v0.5.1
v0.5.10
v0.5.11
v0.5.12
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.0a0
v0.6.0rc1
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.3
v0.6.3a0
v0.6.3a1
v0.6.3a2
v0.6.3a3
v0.6.3a4
v0.6.3a5
v0.6.3a6
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v1.*
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57760.json"

Git / github.com/langflow-ai/langflow

Affected ranges

Type
GIT
Repo
https://github.com/langflow-ai/langflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9ad92eaeaa935db67deca300c40ed0dffea39131
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f4e78421e5af8d8efb7800e73146608bdb0aa7d0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
665c4a56e0ad226ef43daaca5a27797e2f5a07e0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
411b8e7fbecbef4fa808c2a4ee314165b50fcb39
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
100fc40d96552d0481857984fbe08eed8f82d563
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ff7dac51114f13430acb712618f2901f2c3e1607
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
03c91c04b2fa48a011fdb7460cc307edc9bc8ce5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c18330f150beadcafc33cc684dda33faacb70022
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e9b6bfeacdbfce94b3d0e05f4d804f63e5c0504b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6c4d47d160d7fd2622678439892beb5a06de27ba
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2f8e8d75e56362811a874e571b139906ce109aa9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
aef4c1d237fada75cc4de0aa019d4e5d5a1271c8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f69a8659c7c43d7078ffa5c920eb90a06768d670
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
20f11c53156ad90a05c6546e7749f513883c8f42
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
eeb9f8340fa6752b96ec31591761788ecfb7dc3b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
86e61f276447b693543aad8377b270bc0b70a8a6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
770a751af8172439142bc2476c8d738e40b16f5f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3af623ff8977cfbf0fd22eb3e5d20ac5df635fc1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
565b794dce8950a9f6c5f4126e19a213a3575232
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4f53567f476d82b92e685dd486cbb3c09a650835
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
90326fc2dbccbecfd72a6d31422670ea433763c4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6ed38a4be2e259918843eeff394e916654ebebaa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
959a1b1396aa9fad5cf5c3e2de2261a09a5da037
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d353b45e320990bb854ab072f29d4dff2db828d0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
884a00d44aebc5832581d93d871379f21764312e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
023ecec63fdbd1f26ddb4b9336351a7fb7bc14fc
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
41f59bf7003618e4feeecca8b6b365ec03f19b2a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dd9a4fd6aface703d7b77346bcfdc984a403f206
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8cd790ccd32c009d5b77f1dea8bad6a32ae3ec37
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8bf6c67a09ae66421f6021eeffe431d9de242a34
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
533082f575f05f5af1e9c866acc48de0073d5f4f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4c87502c1d7b848f256be47a34aa707a89838f5b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0a32397db440b3a6493432e6922714eb35e9fc65
Fixed
c188ec113c9ca46154ad01d0eded1754cc6bef97
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev21"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev22"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev23"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev24"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev25"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev26"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev27"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev28"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev29"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev30"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev31"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0-dev9"
        }
    ]
}

Affected versions

1.*
1.1.2
1.1.3
1.1.4
1.2.0
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.1
1.4.2
1.5.0.post1
v0.*
v0.0.31
v0.0.69
v0.0.70
v0.0.71
v0.0.72
v0.0.73
v0.0.74
v0.0.75
v0.0.76
v0.0.77
v0.0.78
v0.0.79
v0.0.80
v0.0.81
v0.0.82
v0.0.83
v0.0.84
v0.0.85
v0.0.86
v0.0.87
v0.0.88
v0.0.89
v0.1.0
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.2.0
v0.2.1
v0.2.10
v0.2.11
v0.2.12
v0.2.13
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.4.10
v0.4.11
v0.4.12
v0.4.14
v0.4.15
v0.4.16
v0.4.17
v0.4.18
v0.4.19
v0.4.2
v0.4.20
v0.4.21
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.0a0
v0.5.0a1
v0.5.0a2
v0.5.0a3
v0.5.0a4
v0.5.0a5
v0.5.0a6
v0.5.0b0
v0.5.0b2
v0.5.0b3
v0.5.0b4
v0.5.0b5
v0.5.0b6
v0.5.1
v0.5.10
v0.5.11
v0.5.12
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.0a0
v0.6.0rc1
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.3
v0.6.3a0
v0.6.3a1
v0.6.3a2
v0.6.3a3
v0.6.3a4
v0.6.3a5
v0.6.3a6
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v1.*
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.5.0.dev0
v1.5.0.dev1
v1.5.0.dev10
v1.5.0.dev11
v1.5.0.dev12
v1.5.0.dev13
v1.5.0.dev14
v1.5.0.dev15
v1.5.0.dev16
v1.5.0.dev17
v1.5.0.dev18
v1.5.0.dev19
v1.5.0.dev2
v1.5.0.dev20
v1.5.0.dev21
v1.5.0.dev22
v1.5.0.dev23
v1.5.0.dev24
v1.5.0.dev25
v1.5.0.dev26
v1.5.0.dev27
v1.5.0.dev28
v1.5.0.dev29
v1.5.0.dev3
v1.5.0.dev30
v1.5.0.dev31
v1.5.0.dev4
v1.5.0.dev5
v1.5.0.dev6
v1.5.0.dev7
v1.5.0.dev8
v1.5.0.dev9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57760.json"