CVE-2025-68478: External Control of File Name or Path in Langflow

December 19, 2025 (updated January 3, 2026)

Vulnerability Overview

If an arbitrary path is specified in the request body’s fs_path, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is.

Vulnerable Code

It receives the request body (flow), updates the DB, and then passes it to the file-writing sink.

References

github.com/advisories/GHSA-f43r-cc68-gpx4
github.com/langflow-ai/langflow
github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4
nvd.nist.gov/vuln/detail/CVE-2025-68478

Code Behaviors & Features

Detect and mitigate CVE-2025-68478 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →