CVE-2025-3248 in Langflow Exploited to Deploy Flodrix Botnet

Malware News
1

CVE-2025-3248 in Langflow Exploited to Deploy Flodrix Botnet

Introduction to Malware Binary Triage (IMBT) Course

Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.

An alarming new chapter has emerged in the exploitation of CVE-2025-3248, a critical vulnerability affecting Langflow – a widely used framework for building AI-driven applications and automation systems.

Cybersecurity researchers have uncovered a sophisticated and ongoing campaign in which threat actors actively exploit this vulnerability to deploy the Flodrix botnet. The malware is capable of achieving full system compromise, launching high-volume DDoS attacks, and potentially exfiltrating sensitive data from compromised systems.

In this blog post, we will take a look at this vulnerability, the full attack chain, mitigation tactics, and the evolving capabilities of the Flodrix botnet.

What Is CVE-2025-3248?

CVE-2025-3248 (CVSS 9.8) is classified as a critical Remote Code Execution (RCE) vulnerability. It impacts Langflow versions prior to 1.3.0 and specifically resides in the /api/v1/validate/code endpoint. This API was designed to validate Python code snippets but lacks proper input validation and authentication controls. As a result, it allows unauthenticated attackers to submit crafted POST requests that execute arbitrary code directly on the server.

CVE-2025-3248 (SOCRadar Vulnerability Intelligence)

CVE-2025-3248 (SOCRadar Vulnerability Intelligence)

The vulnerability is particularly dangerous because of Langflow’s popularity in cloud-hosted AI deployments, where code snippets are often evaluated dynamically. Once exploited, the endpoint processes the attacker-supplied code using Python’s ast.parse(), compile(), and exec() functions, granting the attacker remote control over the host.

Although Langflow released a patch in version 1.3.0 that secures this endpoint with authentication mechanisms, many instances remain unpatched and exposed to the internet, leaving them vulnerable to active exploitation.

How the Exploit Works

In the recently observed attacks, cybercriminals first conduct internet-wide scans to identify publicly accessible Langflow deployments. Tools such as Shodan and FOFA are commonly used for this purpose.

Once a target is found, the attacker leverages a publicly available Proof-of-Concept (PoC) exploit script to send a malicious POST request to the vulnerable endpoint. This script, freely accessible on GitHub, provides an easy path for low-skill attackers to achieve remote shell access.

Upon gaining access, attackers typically perform reconnaissance to evaluate the target system’s privileges and configurations. Common commands include whoami, printenv, and cat /root/.bash_history. These checks help the attacker determine if the system is worth further exploitation.

Next, the attacker delivers a downloader script named “docker”, which fetches the Flodrix malware. This malware is then executed and initiates a connection to a Command and Control (C2) server, effectively handing over control of the server to the attacker.

How attackers exploit CVE-2025-3248 for C2 operations (Trend Micro)

How attackers exploit CVE-2025-3248 for C2 operations (Trend Micro)

Understanding your organization’s digital footprint is the first step to stronger security. SOCRadar’s Attack Surface Management (ASM) module continuously discovers and monitors your exposed assets, identifying vulnerabilities and misconfigurations in real time. Gain the visibility you need to reduce risk and prevent attackers from exploiting hidden weaknesses before it’s too late.

SOCRadar’s ASM module page “Company Vulnerabilities”

SOCRadar’s ASM module page “Company Vulnerabilities”

What Are the Key Features of Flodrix Botnet?

Once installed, Flodrix turns compromised systems into part of a botnet. This malware is a variant of the LeetHozer malware family, known for targeting Linux-based systems. Flodrix includes a range of capabilities that enhance its survivability, functionality, and destructiveness:

  • Distributed Denial-of-Service (DDoS) Attacks: Flodrix supports multiple attack vectors such as tcpraw, udpplain, and handshake, enabling it to overwhelm networks and services.
  • Self-Destruction and Anti-Forensics: After initial execution, Flodrix can erase its presence from disk and memory to avoid detection.
  • Dual Communication Channels: The malware communicates with its C&C infrastructure using both TCP and Tor connections, making it harder to trace and block.
  • Process Termination and Monitoring: It scans the system for suspicious or competing processes and can terminate them. It also sends detailed information about terminated processes back to its C&C via UDP, using a specific KILLDETAIL format.

Researchers have found that different downloader scripts and binaries have been hosted on the same attacker-controlled IP, indicating that the malware is under active development and part of a larger campaign.

Indicators of Exploitation

The attack chain begins with command execution through Python functions that are embedded with malicious payloads. These payloads are often disguised as default arguments or decorators within function definitions. Commands observed include:

  • whoami – Identifies the user under which the Langflow process is running.
  • printenv – Lists environment variables, potentially exposing sensitive data.
  • cat /root/.bash_history – Reveals administrative command history.
  • ip addr show and ifconfig – Uncover network interface details.
  • systemctl status sshd – Checks for active SSH services.

These activities suggest that the attackers are thoroughly profiling the target system, identifying valuable assets, and preparing for further exploitation.

Patch and Mitigation

Langflow addressed CVE-2025-3248 in version 1.3.0 by introducing authentication enforcement on the vulnerable endpoint. The fix uses FastAPI’s dependency injection to require a valid JWT token or API key before any code can be processed. This patch effectively eliminates unauthenticated access to the endpoint.

Organizations that have not yet updated their Langflow installations must take immediate action. Recommended steps include:

  • Upgrade to Langflow version 1.3.0 or newer without delay
  • Configure Langflow to operate within private, access-controlled networks
  • Use reverse proxies or VPNs to prevent direct exposure to the internet
  • Regularly monitor logs for suspicious POST requests to the /validate/code endpoint
  • Look for behavioral indicators consistent with Flodrix infection

Ignoring these precautions could lead to a complete takeover of affected systems, leading to data loss, downtime, and reputational damage.

For a detailed technical breakdown of the malware and its capabilities, refer to Trend Micro’s full research.

SOCRadar’s Vulnerability Intelligence: Daily CVE news and exploit updates

SOCRadar’s Vulnerability Intelligence: Daily CVE news and exploit updates

Stay informed on the latest security flaws that could impact your organization. SOCRadar Vulnerability Intelligence, offered under the Cyber Threat Intelligence module, provides continuous tracking of new CVEs, detailed risk assessments, and insights into active exploit campaigns. This enables your team to focus on the most pressing vulnerabilities and make smarter, faster decisions to strengthen your defenses.

Article Link: https://socradar.io/cve-2025-3248-in-langflow-deploy-flodrix-botnet/