CISA adds Langflow, Trend Micro bugs to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog,
What Happened
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog: a critical Langflow vulnerability (CVE-2025-34291) and an unlisted Trend Micro Apex One vulnerability. Both are being actively exploited in the wild, according to CISA’s directive, which orders federal civilian agencies to remediate the flaws by an upcoming deadline. While CISA has not publicly named the Trend Micro Apex One CVE ID, the action confirms adversaries have weaponized an attack vector against the enterprise endpoint security platform alongside the Langflow bug.
Why It Matters
KEV catalog additions are not routine - CISA only adds vulnerabilities with confirmed in-the-wild exploitation that pose significant risk to federal networks and critical infrastructure. For the nearly 1,000 organizations tracked as using Langflow (an AI workflow orchestration tool) and the millions of endpoints protected by Trend Micro Apex One, this means adversaries are actively targeting these systems today. The Langflow bug enables account takeover and remote code execution, while the Trend Micro flaw - likely a privilege escalation or bypass vector - could allow attackers to disable endpoint detection or deploy secondary payloads. Security teams should treat both as under active exploitation and prioritize patching within the 3-week federal deadline, even if their organization is not federally regulated.
Technical Details
CVE-2025-34291 affects Langflow versions prior to a recent patch (exact version range pending full disclosure). The vulnerability allows unauthenticated attackers to bypass authentication and achieve remote code execution through a flaw in the API’s session handling mechanism. Proof-of-concept code has been publicly released, lowering the barrier for opportunistic attackers. Trend Micro Apex One’s exploited flaw appears to allow privilege escalation or security control bypass; Trend Micro has released an emergency hotfix (identified as build-specific) for affected versions. Both vulnerabilities require no user interaction to exploit, making them particularly dangerous in exposed internet-facing deployments.
Immediate Risk
The combination of active exploitation, public PoC availability (for Langflow), and CISA’s binding operational directive creates an immediate, high-risk window. Langflow is often deployed in development environments and AI pipelines with elevated network access - a compromise there could pivot into production data stores. Trend Micro Apex One, as an endpoint security product, is a high-value target: taking it offline or bypassing it effectively disables a primary defensive layer. Organizations using either product should treat all internet-facing instances as compromised until patched and conduct forensic reviews for signs of lateral movement or credential theft.
Security Insight
CISA’s KEV addition for two unrelated products on the same day illustrates a broader intelligence trend: attackers are deliberately targeting security tools (Trend Micro) and AI infrastructure (Langflow) as high-leverage entry points. This mirrors the 2021 playbook where adversaries compromised SolarWinds Orion - a trusted management platform - to gain widespread network access. The defensive takeaway is that security products and AI orchestration layers should be treated as Tier 0 assets, subject to the same strict network segmentation, least-privilege access, and immutable infrastructure principles as domain controllers and identity providers. If your SOC monitors Langflow logs only for AI-specific alerts, broaden that scope to include authentication failures and suspicious API calls - the signs of exploitation may already be in your data.
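As an added example of the broader log scope recommended above (not code from this article, from CISA, or from the Langflow project): a small Python detector that flags bursts of failed logins per source and, more specifically to an authentication bypass in session handling, API sessions that were never issued by a successful login. The log line shape, the endpoint names and the sample lines are constructed assumptions, not Langflow's real log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed access-log shape; not Langflow's real format.
SAMPLE_LOG = """\
2025-05-01T10:00:01Z 10.0.0.5 POST /api/v1/login 200 sess=a1b2
2025-05-01T10:00:02Z 10.0.0.5 GET /api/v1/flows 200 sess=a1b2
2025-05-01T10:03:10Z 203.0.113.9 POST /api/v1/login 401 sess=-
2025-05-01T10:03:11Z 203.0.113.9 POST /api/v1/login 401 sess=-
2025-05-01T10:03:12Z 203.0.113.9 POST /api/v1/login 401 sess=-
2025-05-01T10:03:13Z 203.0.113.9 POST /api/v1/login 401 sess=-
2025-05-01T10:03:14Z 203.0.113.9 POST /api/v1/login 401 sess=-
2025-05-01T10:03:20Z 203.0.113.9 GET /api/v1/flows 200 sess=zz99
2025-05-01T10:03:21Z 203.0.113.9 POST /api/v1/build/flow-1 200 sess=zz99
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) sess=(\S+)$")
AUTH_FAIL_THRESHOLD = 5       # failed logins per source before alerting
LOGIN_PATH = "/api/v1/login"  # assumed login endpoint name, not Langflow's actual route

def parse(log_text):
    """Parse log lines into dicts; skip malformed lines rather than crash."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, method, path, status, sess = m.groups()
        events.append({"ts": ts, "ip": ip, "method": method, "path": path,
                       "status": int(status), "sess": sess})
    return events

def detect(events):
    """Return findings: failed-login bursts and sessions used without a login."""
    issued = set()            # session ids seen in a successful login response
    fails = defaultdict(int)  # failed logins per source IP
    findings = []
    for e in events:
        if e["path"] == LOGIN_PATH:
            if e["status"] == 200:
                issued.add(e["sess"])
            elif e["status"] in (401, 403):
                fails[e["ip"]] += 1
                if fails[e["ip"]] == AUTH_FAIL_THRESHOLD:
                    findings.append(("auth_failure_burst", e["ip"], None))
        elif e["status"] == 200 and e["sess"] != "-" and e["sess"] not in issued:
            # A 200 on a protected route with a session the login path never issued
            findings.append(("session_without_login", e["ip"], e["path"]))
    return findings
```

Running `detect(parse(SAMPLE_LOG))` on the constructed input yields one failed-login burst and two session-without-login findings, all from 203.0.113.9.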