Vulnerability Management, Network Security, Patch/Configuration Management

Flodrix botnet deployed via Langflow security issue


Internet-exposed instances of Langflow, the widely used Python-based artificial intelligence prototyping framework, that are affected by the critical remote code execution flaw tracked as CVE-2025-3248 have been targeted with ongoing attacks distributing the Flodrix botnet, according to GBHackers News.

Abuse of the vulnerability, which was added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog last month, enables remote shell access and reconnaissance command execution prior to the delivery of a downloader script that executes Flodrix, which later establishes TCP and Tor network communications with its command-and-control server, a report from Trend Micro revealed. Based on the LeetHozer malware, Flodrix not only facilitates various distributed denial-of-service attacks, suspicious process termination, and structured "KILLDETAIL" notification delivery to its C2 infrastructure, but also leverages encrypted configurations and XOR-based string obfuscation and performs self-deletion, said the report. Immediately updating Langflow to version 1.3.0 or later, restricting access to public endpoints, and continuously monitoring for indicators of compromise have been recommended to mitigate potential compromise.
