Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
A defense system that cannot distinguish friend from stranger eventually harms the organization it is supposed to protect.
Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.