CVE-2025-68478
Unknown Unknown - Not Provided
Insecure File Write in Langflow Allows Arbitrary Path Overwrite

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: GitHub, Inc.

Description
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68478
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
langflow langflow *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Langflow (prior to version 1.7.0) allows an authenticated user to specify an arbitrary file system path via the `fs_path` parameter in a request. The server then serializes a Flow object into JSON and writes it directly to that path without any validation, normalization, or directory restrictions. This means users can overwrite files anywhere the server has permission, including critical system or application files, leading to potential disruption or further attacks. [1]

Impact Analysis

The vulnerability can lead to arbitrary file overwrite on the server, which may disrupt application behavior by overwriting configuration, log, or task files. Although it requires authentication, the attack complexity is low and no user interaction is needed. This can enable further attacks or denial of service by corrupting important files, impacting the integrity and availability of the system. [1]

Detection Guidance

This vulnerability can be detected by monitoring requests to the Langflow server's create_flow endpoint for the presence of the `fs_path` parameter containing arbitrary or absolute file system paths. Since authentication is required, inspecting authenticated API requests for unusual or unexpected file paths (e.g., absolute paths like /etc/poc.txt) can indicate exploitation attempts. Additionally, checking for unexpected file creations or modifications on the file system, especially in sensitive directories, can help detect exploitation. Specific commands might include using network traffic analysis tools (e.g., tcpdump, Wireshark) to capture HTTP requests and grep for `fs_path` parameters, or using file system monitoring tools (e.g., inotifywait on Linux) to watch for file writes in critical directories. Example commands: 1) `tcpdump -A -s 0 'tcp port 80 or tcp port 443' | grep fs_path` 2) `inotifywait -m /etc /var /tmp` to monitor file changes in common directories targeted by the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading Langflow to version 1.7.0 or later, where the vulnerability is fixed. If upgrading is not immediately possible, restrict access to the vulnerable create_flow endpoint by limiting authentication credentials and network access. Implement strict validation and normalization of the `fs_path` parameter to enforce a root save directory and block absolute or traversal paths. Additionally, minimize file system permissions for the Langflow server process to prevent unauthorized file overwrites and block symlink traversal. Monitoring and alerting on suspicious file writes can also help mitigate impact until a full fix is applied. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68478. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart