Critical CVE-2025-34291 in Langflow AI Agent Under Active Exploitation
ID: 22eed5df-13d4-5464-8cc3-d4358fa38d4a
STIX ID: report--22eed5df-13d4-5464-8cc3-d4358fa38d4a
Feed Name: ThreatCluster
CVE-2025-34291 is a critical remote code execution and account takeover vulnerability in Langflow, affecting versions 1.6.9 and earlier, with a CVSS v4.0 score of 9.4. A public PoC and active exploitation have been reported, and the issue has been added to CISA's Known Exploited Vulnerabilities catalog. This has prompted urgent recommendations to update Langflow, harden CORS policies, and review authentication cookie configurations.
