{"uuid": "7c72e5a1-77a0-4742-8314-9f317cbf0a8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mocwrua7pv2k", "content": "Any unpatched Langflow instance is being scanned by Iranian APT MuddyWater right now. CVE-2025-34291 (CVSS 9.4) gives full code execution and exposes every API key in the workspace, cascading into connected cloud services. CISA has set the federal patch deadline at June 4.", "creation_timestamp": "2026-06-15T09:09:39.558952Z"}