CISA adds Langflow flaw CVE-2025-34291 to its KEV catalog. Attackers can exfiltrate API keys and tokens. # Cybersecurity # AI https:// deafnews.it/en/article/ci
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Langflow, identified as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) catalog. This flaw allows attackers to exfiltrate sensitive API keys and tokens. The inclusion in the KEV catalog mandates federal agencies to patch this vulnerability to prevent potential exploitation. AI
IMPACT This vulnerability in Langflow, an AI development tool, could lead to the compromise of sensitive API keys and tokens, impacting the security of AI projects.