BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Flodrix Botnet Exploits Critical Langflow Flaw CVE-2025-3248

  • A new cyberattack campaign is exploiting a critical flaw in Langflow to install the Flodrix botnet.
  • The vulnerability, CVE-2025-3248, allows remote code execution on unpatched Langflow servers.
  • Attackers use public proof-of-concept code to compromise vulnerable systems and deploy Flodrix.
  • The Flodrix botnet can launch DDoS attacks, remove traces of itself, and communicate via the TOR network.
  • Security experts advise immediate updates to Langflow version 1.3.0 or later to close the vulnerability.

On June 17, 2025, Cybersecurity researchers reported a new set of attacks using a severe vulnerability in the Python-based visual AI framework Langflow. Hackers are targeting exposed Langflow servers by exploiting a critical missing authentication flaw to install the Flodrix botnet Malware.

- Advertisement -

The vulnerability, tracked as CVE-2025-3248 with a CVSS score of 9.8, enables unauthorized attackers to execute any code on compromised servers via specially crafted web requests. Trend Micro researchers stated that attackers are running downloader scripts on affected systems, which then fetch and execute the Flodrix malware. Langflow addressed this problem in March 2025 with the release of version 1.3.0.

Last month, U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned about active exploitation of this flaw, confirming reports of live attack attempts targeting internet-exposed Langflow instances. Attackers are using a publicly available proof-of-concept code to scan for and access unpatched servers. Once inside, Hacker-controlled scripts download Flodrix from a remote server.

According to Trend Micro, the Flodrix botnet establishes connections with a command center, receiving instructions to conduct distributed denial-of-service (DDoS) attacks on designated targets. The malware can also operate over the TOR Anonymity network to mask communications. Researchers explained, “Since Langflow does not enforce input validation or sandboxing, these payloads are compiled and executed within the server’s context, leading to remote code execution.”

Trend Micro noted different downloader scripts hosted on the same infrastructure used for Flodrix, indicating that threat actors are actively adapting and expanding this campaign. They also identified Flodrix as an evolved form of the LeetHozer botnet linked to the Moobot group.

- Advertisement -

The Flodrix variant includes features to erase itself and obscure connection addresses, making detection and analysis harder. It deploys new encrypted DDoS attack types and scans running processes for added stealth. Researchers believe attackers are surveying all potential vulnerable servers to choose high-value targets.

Experts strongly recommend updating all Langflow deployments to version 1.3.0 or above. The vulnerability remains a significant risk for any unpatched systems exposed to the internet.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Must Read

Tutorial: How to Buy a Domain Name Permanently? (Super Easy)

Are you ready to establish a permanent online presence and you want to buy a domain forever?In this tutorial, we'll show you how to...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading