Flodrix Botnet Exploits Critical Langflow Flaw CVE-2025-3248

  • A new cyberattack campaign is exploiting a critical flaw in Langflow to install the Flodrix botnet.
  • The vulnerability, CVE-2025-3248, allows remote code execution on unpatched Langflow servers.
  • Attackers use public proof-of-concept code to compromise vulnerable systems and deploy Flodrix.
  • The Flodrix botnet can launch DDoS attacks, remove traces of itself, and communicate via the TOR network.
  • Security experts advise immediate updates to Langflow version 1.3.0 or later to close the vulnerability.

On June 17, 2025, Cybersecurity researchers reported a new set of attacks using a severe vulnerability in the Python-based visual AI framework Langflow. Hackers are targeting exposed Langflow servers by exploiting a critical missing authentication flaw to install the Flodrix botnet Malware.

- Advertisement -

The vulnerability, tracked as CVE-2025-3248 with a CVSS score of 9.8, enables unauthorized attackers to execute any code on compromised servers via specially crafted web requests. Trend Micro researchers stated that attackers are running downloader scripts on affected systems, which then fetch and execute the Flodrix malware. Langflow addressed this problem in March 2025 with the release of version 1.3.0.

Last month, U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned about active exploitation of this flaw, confirming reports of live attack attempts targeting internet-exposed Langflow instances. Attackers are using a publicly available proof-of-concept code to scan for and access unpatched servers. Once inside, Hacker-controlled scripts download Flodrix from a remote server.

According to Trend Micro, the Flodrix botnet establishes connections with a command center, receiving instructions to conduct distributed denial-of-service (DDoS) attacks on designated targets. The malware can also operate over the TOR Anonymity network to mask communications. Researchers explained, “Since Langflow does not enforce input validation or sandboxing, these payloads are compiled and executed within the server’s context, leading to remote code execution.”

Trend Micro noted different downloader scripts hosted on the same infrastructure used for Flodrix, indicating that threat actors are actively adapting and expanding this campaign. They also identified Flodrix as an evolved form of the LeetHozer botnet linked to the Moobot group.

The Flodrix variant includes features to erase itself and obscure connection addresses, making detection and analysis harder. It deploys new encrypted DDoS attack types and scans running processes for added stealth. Researchers believe attackers are surveying all potential vulnerable servers to choose high-value targets.

Experts strongly recommend updating all Langflow deployments to version 1.3.0 or above. The vulnerability remains a significant risk for any unpatched systems exposed to the internet.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Can Solana Repeat Its $10K to $1.7M Growth by 2030?

If $10,000 was invested in Solana (SOL) in April 2020, it would be worth...

Eric Trump to Speak at BTC Asia as Hong Kong Advances Crypto Laws

Eric Trump is scheduled to speak at the BTC Asia conference in Hong Kong...

CISA Adds Four New Exploited Vulnerabilities, Citrix Bleed 2 Active

CISA added four new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The...

Scammers Use Fake Elon Musk to Steal Millions in Crypto Fraud

Criminals are using fake celebrity identities to convince people to invest in bogus cryptocurrency...

AI Models Sorted: 11 Out of 17 Land 100% in Ravenclaw House

Most leading AI language models overwhelmingly identified with the Ravenclaw house after taking the...

Must Read

6 Best VPN Providers That Accept Monero

Privacy and anonymity are probably the most important things that we should all consider in today's internet era. Although there are a lot of...