CISA formally cataloged two actively exploited vulnerabilities affecting Langflow and Trend Micro Apex One in its Known Exploited Vulnerabilities (KEV) database Thursday, meaning the agency has evidence that both flaws are already being exploited in the wild.
CVE-2025-34291 impacts Langflow, an open-source platform for building AI applications. The vulnerability carries a CVSS score of 9.4, in the critical range. The flaw is an origin validation error (CWE-346): the server does not adequately verify that a request comes from a source it should trust, so an attacker can get a vulnerable instance to act on requests it ought to reject, and from there compromise the system running it.
Trend Micro Apex One, a widely deployed endpoint protection platform used by enterprises, faces a separate vulnerability also added to CISA's KEV catalog. The agency confirmed active exploitation of this flaw in the wild.
Addition to CISA's KEV catalog carries weight. The catalog lists only vulnerabilities that have a CVE identifier, reliable evidence of active exploitation, and a clear remediation action. Under Binding Operational Directive 22-01, federal civilian executive branch agencies must remediate each entry by its listed due date; CISA urges critical infrastructure operators and every other organization to treat the same deadlines as their own. Organizations running these products face concrete, demonstrated threats rather than theoretical risks.
Langflow's popularity among developers building AI applications means exposure spans technical teams across sectors, and its open-source distribution spreads it widely, enlarging the overall attack surface. Enterprises running unpatched Langflow in production face immediate compromise risk. An origin validation flaw concerns which requests the server trusts, not where the server sits, so keeping an instance off the public internet is not a substitute for applying the fix.
Trend Micro Apex One's enterprise focus means the vulnerability threatens security operations at Fortune 500 companies and government agencies. When endpoint protection tools themselves become attack vectors, defenders lose a critical layer of detection and response capability. Compromised Apex One instances could allow attackers to move laterally within networks undetected.
Organizations should treat both vulnerabilities as priority patches. For Langflow users, immediate updates to patched versions prevent the origin validation bypass. Trend Micro customers should review their Apex One deployments and apply available security updates without delay. Security teams lacking visibility into which systems run these products should
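The recurring problem in both remediation steps above is knowing which assets are affected and how long you have. The following script is an added example, not code from the article, CISA, Langflow or Trend Micro: it cross-references an asset inventory against the KEV feed's JSON schema (cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, cwes, requiredAction) and reports the due date and overdue status for every matching host. The feed content embedded here is a constructed sample: the Langflow CVE is the one named in the article, but the Apex One cveID and all dates are placeholders, and the inventory hosts are invented. With network access, `fetch_feed()` pulls the live catalog from the real KEV URL.

```python
"""Cross-reference an asset inventory against the CISA KEV feed.

Added example. The feed sample below is constructed in the KEV JSON schema;
only CVE-2025-34291 (Langflow) comes from the article. The Apex One cveID and
every date are placeholders because the article does not give them.
"""
import json
import urllib.request
from datetime import date

KEV_FEED_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
                "known_exploited_vulnerabilities.json")

SAMPLE_FEED = {  # constructed sample, not real catalog data
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2025-34291", "vendorProject": "Langflow", "product": "Langflow",
         "vulnerabilityName": "Langflow Origin Validation Error Vulnerability",
         "dateAdded": "2025-01-02", "dueDate": "2025-01-23", "cwes": ["CWE-346"],
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-0000-00001",  # placeholder: article gives no Apex One CVE
         "vendorProject": "Trend Micro", "product": "Apex One",
         "vulnerabilityName": "Trend Micro Apex One Vulnerability (placeholder)",
         "dateAdded": "2024-12-26", "dueDate": "2025-01-16", "cwes": [],
         "requiredAction": "Apply mitigations per vendor instructions."},
        {"cveID": "CVE-0000-00002",  # decoy entry that matches nothing in inventory
         "vendorProject": "ExampleCorp", "product": "Widget Server",
         "vulnerabilityName": "ExampleCorp Widget Server Vulnerability (placeholder)",
         "dateAdded": "2024-11-01", "dueDate": "2024-11-22", "cwes": [],
         "requiredAction": "Apply mitigations per vendor instructions."},
    ],
}

INVENTORY = [  # constructed asset records; in practice, export these from your CMDB
    {"host": "ai-builder-01", "vendor": "Langflow", "product": "Langflow", "version": "1.x"},
    {"host": "epp-mgmt-01", "vendor": "Trend Micro", "product": "Apex One", "version": "n/a"},
    {"host": "web-01", "vendor": "nginx", "product": "nginx", "version": "1.26"},
]


def _norm(s: str) -> str:
    """Lowercase, collapse whitespace and hyphens so naming variants still match."""
    return " ".join(s.lower().replace("-", " ").split())


def kev_entries_for(feed: dict, vendor: str, product: str) -> list:
    """Return KEV entries whose vendor and product contain the inventory names.

    KEV naming is not standardized (a product field may bundle several products),
    so this matches on normalized substrings; review hits by hand before acting.
    """
    v, p = _norm(vendor), _norm(product)
    return [e for e in feed["vulnerabilities"]
            if v in _norm(e["vendorProject"]) and p in _norm(e["product"])]


def match_inventory(feed: dict, inventory: list, today=None) -> list:
    """One finding per (host, KEV entry) pair, soonest due date first.

    `today` may be a date, an ISO string, or None for the current date.
    """
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for asset in inventory:
        for e in kev_entries_for(feed, asset["vendor"], asset["product"]):
            due = date.fromisoformat(e["dueDate"])
            findings.append({
                "host": asset["host"], "cveID": e["cveID"],
                "name": e["vulnerabilityName"], "dueDate": e["dueDate"],
                "daysLeft": (due - today).days, "overdue": today > due,
                "requiredAction": e["requiredAction"],
            })
    findings.sort(key=lambda f: (f["daysLeft"], f["host"]))
    return findings


def fetch_feed(url: str = KEV_FEED_URL, timeout: int = 30) -> dict:
    """Download the live KEV catalog (needs network access)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def report(findings: list) -> str:
    """Render findings as a plain-text triage list."""
    lines = []
    for f in findings:
        status = "OVERDUE" if f["overdue"] else f"{f['daysLeft']}d left"
        lines.append(f"{f['host']:<14} {f['cveID']:<16} due {f['dueDate']} ({status}) {f['name']}")
    return "\n".join(lines) if lines else "no KEV matches in inventory"


if __name__ == "__main__":
    # Offline run against the constructed sample; swap in fetch_feed() for the live catalog.
    print(report(match_inventory(SAMPLE_FEED, INVENTORY, "2025-01-20")))
```

The substring match is deliberately loose: the KEV catalog's vendorProject and product fields are free text, so an exact match against a CMDB export misses entries, while a loose match occasionally over-reports and needs a human glance. Sorting by days left puts overdue items at the top, which is the order a patch queue should work in.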
