{"vulnerability": "CVE-2025-34291", "sightings": [{"uuid": "445c7237-ab1b-40eb-a88b-05cffc9c1de1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-34291", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115669352580293240", "content": "", "creation_timestamp": "2025-12-05T22:37:32.579335Z"}, {"uuid": "d1434157-edd4-4fd2-b752-36dd718576b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m7blfxhfwd2n", "content": "", "creation_timestamp": "2025-12-05T22:55:35.013946Z"}, {"uuid": "2afad3ec-f36b-4157-ae25-5276a70999bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mbmt47y3pf22", "content": "", "creation_timestamp": "2026-01-04T21:02:59.752909Z"}, {"uuid": "d5d31da3-0541-4af4-b63b-b85e64546222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-34291.yaml", "content": "", "creation_timestamp": "2026-01-03T23:47:09.000000Z"}, {"uuid": "f22e2a04-54c8-47c9-a111-9ae50508539d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://mastodon.social/users/verbrecher/statuses/115673292044950996", "content": "", "creation_timestamp": "2025-12-06T15:19:26.913700Z"}, {"uuid": "8deaa40b-7410-49e8-8ad1-2487cd0e71b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3m7j3d7jucc2j", "content": "", "creation_timestamp": "2025-12-08T22:29:03.677700Z"}, {"uuid": "5c4324c0-f788-4099-a4ae-da3ebd0a5da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mdgnthprbx2j", "content": "", "creation_timestamp": "2026-01-27T21:03:05.049555Z"}, {"uuid": "b2a2087a-9f47-49a8-8e2c-53f11370d5ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3mddihlgsfk2s", "content": "", "creation_timestamp": "2026-01-26T14:48:56.835493Z"}, {"uuid": "f7aca27d-fc68-4460-958e-3d73c0d44386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "published-proof-of-concept", "source": "Telegram/p6_7Fzr7AE5-s9SdgqzAFTlpxGf9IMuh2DhHzRrKndjq5KI", "content": "", "creation_timestamp": "2026-05-18T21:00:03.000000Z"}, {"uuid": "a283f098-5f60-4e5e-984d-5edb50d201d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6547502", "content": "2026-05-21: [CVE-2025-34291] Langflow Origin Validation Error VulnerabilityLangflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.\ncisakev", "creation_timestamp": "2026-05-21T19:22:23.274443Z"}, {"uuid": "98f3730d-90b0-4c20-a9a3-cb1e847ae4ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3mmf5sd5pa32s", "content": "\ud83d\uded1 CVE-2025-34291\nLangflow Langflow\nCVSS 9.4 / EPSS 9% / KEV\nTL;DR: Langflow versions up to and including 1.6.9 contain a chained vulnerability that enabl\u2026\nhttps://cvesentinel.replit.app/report/CVE-2025-34291?utm_source=bluesky&utm_medium=social&utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-05-21T19:30:07.691473Z"}, {"uuid": "d498b8af-77c2-46bd-90e3-8adc907b7832", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://thehackernews.com/2026/05/cisa-adds-exploited-langflow-and-trend.html", "content": "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\n\nThe vulnerabilities in question are listed below -\n\n\n  CVE-2025-34291 (CVSS score: 9.4) - An origin validation error vulnerability in Langflow that could", "creation_timestamp": "2026-05-22T03:47:33.000000Z"}, {"uuid": "2798f7ec-ecfb-4a1c-b373-d09cdd774fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://www.acn.gov.it/portale/w/langflow-rilevato-sfruttamento-della-cve-2025-34291", "content": "", "creation_timestamp": "2026-05-22T06:10:44.000000Z"}, {"uuid": "d69196cb-4289-4f8f-a016-2a3112892af7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "Telegram/pgeIv_xa8AzQaCo8hqS5hlx8pfGv-ldT0nDTSWu_i-eUGA", "content": "", "creation_timestamp": "2026-05-22T07:29:55.000000Z"}, {"uuid": "4b287d72-56f4-4e2d-9f91-6461ddca020b", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3de6464b-7f59-4e0e-a407-d5f8c516ea1e", "content": "", "creation_timestamp": "2026-05-22T17:00:02.446253Z"}, {"uuid": "0f86bb4e-c9ea-416a-99db-e9467e6f2e2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mmhbv4rldr2q", "content": "CVE-2025-34291 & CVE-2026-34926: Critical Langflow RCE and Trend Micro Apex O...\n\nCISA adds two critical vulnerabilities to KEV catalog: CVE-2025-34291 (Langflow CORS misconfiguration enabling accou...\n\n\ud83d\udd17 https://ipsec.live/blog/2026-05-22-langflow-apex-one-cisa-kev\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-22T15:48:35.916605Z"}, {"uuid": "330a3cfd-d9f2-4232-b64d-8d56b1adc2e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mmmjhc252h2g", "content": "CISA Adds Critical Langflow Vulnerability (CVE-2025-34291) to KEV Catalog Following Active Exploitation", "creation_timestamp": "2026-05-24T17:47:20.782784Z"}, {"uuid": "cf5672c8-ba74-42f6-b944-7f368a061845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116619809226441932", "content": "\ud83d\udcf0 CISA KEV Catalog Updated: Actively Exploited Langflow and Trend Micro Flaws Demand Urgent Patching\n\ud83d\udce2 CISA KEV UPDATE: Two new vulnerabilities affecting Langflow (CVE-2025-34291) & Trend Micro Apex One (CVE-2026-34926) are being actively exploited. Federal agencies mandated to patch. All orgs urged to patch NOW! #CyberSecurity #Vulnerability #Patc...\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/cisa-adds-langflow-and-trend-micro-bugs-to-kev-catal\u2026", "creation_timestamp": "2026-05-22T19:11:13.795713Z"}, {"uuid": "bd7ac6e1-280e-43da-9210-32cd5cd3c611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mmhnazrwsk2x", "content": "\ud83d\udce2 CISA KEV UPDATE: Two new vulnerabilities affecting Langflow (CVE-2025-34291) & Trend Micro Apex One (CVE-2026-34926) are being actively exploited. Federal agencies mandated to patch. All orgs urged to patch NOW! #CyberSecurity #Vulnerability #Patc...\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-05-22T19:12:07.695830Z"}, {"uuid": "86951268-c6e7-441d-b7f3-0a231a9bd76c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://t.me/thehackernews/9060", "content": "\ud83d\udea8 CISA just added two actively exploited vulns to its KEV catalog.\n\nhttps://thehackernews.com/2026/05/cisa-adds-exploited-langflow-and-trend.html\n\nCritical RCE in Langflow (CVE-2025-34291, CVSS 9.4) and directory traversal in Trend Micro Apex One (on-prem).\n\nPatch now if you're using either.", "creation_timestamp": "2026-05-22T07:12:29.000000Z"}, {"uuid": "e1b0b175-7d3f-4e76-a7db-53bda259e0ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/cyberlensai.bsky.social/post/3mmlqd6ylh72w", "content": "CVE watch: CVE-2025-34291: Langflow Langflow \u2014 Langflow Origin Validation Error\u2026\n\nCheck exposure, dependency, and agent/tool access before panic-patching. Inventory beats vibes.\n\nSource: cisa.gov\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-34291", "creation_timestamp": "2026-05-24T10:17:39.576708Z"}, {"uuid": "b62eb160-1e8c-4c38-b3a2-0284c5bd03b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3mmiontm2ao2p", "content": "Every Langflow install on version 1.6.9 or older is being targeted by Iran's MuddyWater APT. CISA added CVE-2025-34291 to its KEV catalog May 21. The flaw chains permissive CORS with a CSRF gap on a code-execution endpoint, enabling account takeover and RCE. Federal patch deadline: June 4.", "creation_timestamp": "2026-05-23T05:09:50.953927Z"}, {"uuid": "f91e0652-264c-4f27-8843-1be09ab90d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "Telegram/hQ1BgqlandqZtiBEN_8bc-Jqb7FATWW_NqNwwco7cLj54NM", "content": "", "creation_timestamp": "2026-05-23T03:00:04.000000Z"}, {"uuid": "344c40e6-3340-4263-85c2-67ffb7a2a27d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3mmrvjmqiyx2u", "content": "\ud83d\uded1 CVE-2025-34291\n\nCVSS 9.4 / EPSS 30% / KEV\nTL;DR: Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and\u2026\nhttps://cvesentinel.com/report/CVE-2025-34291?utm_source=bluesky&utm_medium=social&utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-05-26T21:06:42.429327Z"}, {"uuid": "03f3d285-4bc5-4c07-9b61-b0ed552af415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mmpbklfn5o2x", "content": "CISA has added two vulnerabilities to its KEV catalog: CVE-2025-34291 (CVSS 9.4) in Langflow, allowing arbitrary code execution and full system compromise, and CVE-2026-34926 (CVSS 6.7) in Trend Micro Apex One, enabling local attackers to inject malicious code.", "creation_timestamp": "2026-05-25T20:04:00.680294Z"}, {"uuid": "b45edffc-5cee-4e6b-bc2f-acf2708c6fe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34291", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3mmrvjyxdaj2s", "content": "\ud83d\uded1 CVE-2025-34291\n\nCVSS 9.4 / EPSS 30% / KEV\nTL;DR: Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and\u2026\nhttps://cvesentinel.com/report/CVE-2025-34291?utm_source=bluesky&utm_medium=social&utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-05-26T21:06:55.103383Z"}]}