Langflow Origin Validation Error Vulnerability
Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.
Quick answer
Langflow should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- Review vendor advisory for affected versions.
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
Upgrade Langflow to the fixed vendor release and harden the deployment boundary. Because Langflow often has access to model providers, workflows, and secrets, remediation should include token rotation and review of exposed API routes.
- Inventory every Langflow deployment, including containers, developer sandboxes, public demos, and internal workflow builders.
- Upgrade Langflow to the fixed release identified by the vendor advisory, or remove the instance if it is no longer required.
- Place Langflow behind SSO, VPN, or a trusted reverse proxy; do not expose unauthenticated admin or API routes to the internet.
- Set explicit CORS origins, secure cookies, CSRF protections, and strict authentication policy for all user-facing routes.
- Rotate Langflow API keys, model-provider keys, database credentials, webhook secrets, and tokens stored in flows.
- Review flows, components, uploaded files, and execution logs for unauthorized changes or unexpected outbound calls.
- Rebuild containers from clean images and redeploy from trusted source after the upgrade.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm the running Langflow version matches the fixed vendor release.
- Validate public access requires authentication and only approved origins can call APIs.
- Review application logs for suspicious flow execution, admin changes, or token access before patching.
- Run a test workflow after rotation to confirm legitimate integrations still work.
- Run a Fixnx scan and confirm no public Langflow admin or API exposure remains.
Related categories
Trusted references
FAQ
What is affected by CVE-2025-34291?
Langflow should be checked against the vendor advisory and trusted references linked on this page.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
