Verticals Targeted: AI
Regions Targeted: Not specified
Related Families: LeetHozer
Executive Summary
A critical vulnerability in Langflow, CVE-2025-3248, is under active exploitation to deploy the Flodrix botnet, enabling attackers to compromise systems fully, launch DDoS attacks, and potentially exfiltrate sensitive data.
Key Takeaways
- This activity exploits CVE-2025-3248 (CVSS 9.8) in Langflow versions prior to 1.3.0, allowing unauthenticated remote code execution.
- Flodrix botnet is delivered via malicious Python payloads, enabling DDoS attacks and data theft.
- Attackers use open-source PoC exploits and tools like Shodan to target exposed Langflow servers.
- The malware employs stealth techniques, including self-deletion and string obfuscation, to evade detection.
CVE-2025-3248 Exploitation
An active campaign exploiting a severe flaw in Langflow, a Python-based framework for building AI applications, has been uncovered, delivering the Flodrix botnet to vulnerable servers. The vulnerability, designated CVE-2025-3248 with a CVSS score of 9.8, affects Langflow versions prior to 1.3.0. This unauthenticated remote code execution (RCE) vulnerability resides in the /api/v1/validate/code endpoint, which fails to enforce input validation or sandboxing, allowing attackers to execute arbitrary Python code. The flaw’s severity stems from its ease of exploitation, requiring only a crafted POST request to achieve full system compromise. Trend Micro reported on this activity.
The attack chain begins with cybercriminals scanning for publicly exposed Langflow instances using tools such as Shodan or FOFA. Once identified, attackers leverage a publicly available proof-of-concept (PoC) exploit hosted on GitHub to gain remote shell access. Reconnaissance commands, including `whoami`, `printenv`, and `ip addr show`, are executed to gather system information, which is relayed to a command-and-control (C&C) server. A downloader script, often named “docker,” is then deployed to fetch and install the Flodrix botnet malware from a remote server, typically over TCP or the Tor network.
What is Flodrix?
Flodrix, an evolution of the LeetHozer malware family, is designed for distributed denial-of-service (DDoS) attacks, supporting multiple attack modes such as `tcpraw` and `udpplain`. Its sophistication lies in its evasion tactics: the malware self-deletes unless specific parameters are provided, removes forensic artifacts, and employs XOR-based string obfuscation to conceal C&C addresses. It also checks for hidden files like `.system_idle` to avoid reinfection and forks child processes with deceptive names to evade detection. These features make Flodrix a formidable threat to organizations relying on Langflow for prototyping and deploying intelligent automation.
Langflow’s popularity, evidenced by over 70,000 GitHub stars, makes it an attractive target for attackers. Vulnerable deployments, particularly those accessible on public networks, face significant risks, including data exfiltration and service disruption. The flaw’s exploitation has been documented globally, with over 1,600 internet-exposed Langflow instances identified, though the exact number of vulnerable systems remains unclear.
Mitigation requires immediate action. Organizations must upgrade to Langflow version 1.3.0 or later, which introduces authentication via a `_current_user: CurrentActiveUser` parameter to secure the vulnerable endpoint. Additionally, restricting public access to Langflow endpoints and monitoring for indicators of compromise, such as unexpected network traffic or hidden files, are critical steps. This campaign underscores the dangers of unauthenticated RCE vulnerabilities in widely adopted frameworks. As attackers continue to weaponize open-source tools and exploits, organizations must prioritize timely patching and robust network security to defend against evolving botnet threats like Flodrix.
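To illustrate the monitoring side of the advice above, here is an added example (not code from the advisory, Trend Micro, or the Langflow project) that flags POST requests to the vulnerable endpoint from external sources in constructed uvicorn-style access-log lines and checks whether a Langflow version string predates the 1.3.0 fix; the log format and the address ranges treated as internal are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

VULN_ENDPOINT = "/api/v1/validate/code"   # endpoint named in the advisory
FIXED_VERSION = (1, 3, 0)                 # first Langflow release that authenticates it

# Address ranges treated as internal callers (an assumption for this example).
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed uvicorn-style access-log lines; not real traffic.
SAMPLE_LOG = """\
INFO:     203.0.113.10:51234 - "POST /api/v1/validate/code HTTP/1.1" 200 OK
INFO:     10.0.0.5:40022 - "GET /api/v1/flows HTTP/1.1" 200 OK
INFO:     203.0.113.10:51240 - "POST /api/v1/validate/code HTTP/1.1" 200 OK
INFO:     198.51.100.7:60001 - "POST /api/v1/validate/code HTTP/1.1" 200 OK
INFO:     10.0.0.5:40031 - "POST /api/v1/validate/code HTTP/1.1" 200 OK
INFO:     203.0.113.10:51250 - "GET /health HTTP/1.1" 200 OK
"""

LINE_RE = re.compile(
    r'^(?:\w+:\s+)?(?P<ip>[\d.]+)(?::\d+)? - '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def parse_version(version: str) -> tuple:
    """Turn '1.2.0' (or '1.3') into a 3-tuple so releases compare numerically."""
    parts = [int(p) for p in version.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable_version(version: str) -> bool:
    """Releases before 1.3.0 expose /api/v1/validate/code without authentication."""
    return parse_version(version) < FIXED_VERSION


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def validate_code_hits(log_text: str) -> dict:
    """Count POSTs to the vulnerable endpoint per source IP, split by origin.
    External callers on a pre-1.3.0 instance match the campaign's access pattern.
    """
    hits = {"external": Counter(), "internal": Counter()}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != VULN_ENDPOINT:
            continue
        hits["internal" if is_internal(m["ip"]) else "external"][m["ip"]] += 1
    return hits
```

Any non-zero "external" count on an instance still running a vulnerable version warrants an immediate triage of that host.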
IOCs
PolySwarm has multiple samples of Flodrix. You can use the following CLI command to search for all Flodrix samples in our portal:
$ polyswarm link list -f Flodrix
Contact us at hivemind@polyswarm.io | Check out our blog | Subscribe to our reports.