Critical Origin Validation Flaw in Langflow (CVE‑2025‑34291) and Trend Micro Apex One Added to CISA KEV Catalog – Active Exploitation Threatens Enterprise Workflows and Endpoint Security
What It Is — CISA has placed two actively‑exploited flaws into its Known Exploited Vulnerabilities (KEV) list: an origin‑validation error in the open‑source LLM workflow platform Langflow (CVE‑2025‑34291, CVSS 9.4) and a remote‑code‑execution issue in Trend Micro Apex One, a widely‑deployed endpoint‑security suite. Both bugs allow unauthenticated attackers to bypass security controls and execute arbitrary code on vulnerable hosts.
Exploitability — Proof‑of‑concept exploits have been observed in the wild for both flaws; CISA’s advisory cites active exploitation campaigns targeting organizations that integrate Langflow into internal AI pipelines or deploy Apex One on endpoint fleets.
Affected Products
- Langflow – open‑source LLM orchestration tool (various self‑hosted deployments).
- Trend Micro Apex One – endpoint protection platform (Windows, macOS, Linux agents).
TPRM Impact – Supply‑chain risk is elevated because many third‑party SaaS providers embed Langflow in their AI services, and Apex One is often a mandated security layer for downstream vendors. A breach in either product can cascade to partner ecosystems, exposing data and disrupting operations.
Recommended Actions –
- Patch Immediately – Apply the vendor‑released fixes for CVE‑2025‑34291 (Langflow) and the Apex One vulnerability; verify patch deployment across all environments.
- Segmentation – Isolate Langflow instances from critical internal networks and enforce strict origin‑validation controls until patches are confirmed.
- Endpoint Review – Conduct an inventory of all devices running Apex One; ensure the latest agent version and enable automatic update policies.
- Third‑Party Risk Review – Re‑assess any suppliers or SaaS services that rely on Langflow or Apex One; request evidence of remediation and update contractual security clauses.
- Monitoring – Deploy IDS/IPS signatures for known exploit traffic and enable CISA‑recommended KEV alerts in your SIEM.
Source: The Hacker News – CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV