Cyber Web Spider Blog – News
Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet

Posted on June 17, 2025 by CWS

Security researchers have uncovered an active cyberattack campaign targeting Langflow servers through CVE-2025-3248, a critical remote code execution vulnerability that allows threat actors to deploy the sophisticated Flodrix botnet malware.

The attacks demonstrate how cybercriminals are rapidly weaponizing newly disclosed vulnerabilities to compromise cloud infrastructure and expand their botnet operations.

CVE-2025-3248, rated with a CVSS score of 9.8, affects Langflow versions prior to 1.3.0 and has been added to CISA's Known Exploited Vulnerabilities catalog.

The vulnerability resides in the /api/v1/validate/code endpoint, which fails to enforce adequate authentication while processing user-supplied Python code snippets.

Attackers can exploit this flaw by sending crafted POST requests containing malicious Python payloads embedded inside function default arguments or decorators.

The vulnerability allows remote attackers to achieve code execution without authentication, because Langflow processes the submitted code by parsing it into an Abstract Syntax Tree with ast.parse(), then compiling and executing it via Python's compile() and exec() functions. This design flaw enables full system compromise on affected servers.
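To make the mechanism concrete, here is an added example (not Langflow's code) that contrasts a validator built the way the article describes with a parse-only alternative; the snippet, the environment marker and the function names are constructed for the demonstration, and the parse-only validator is a defense-in-depth suggestion of mine, not the upstream patch.

```python
"""Hazard behind CVE-2025-3248 (parse-compile-exec of submitted code) and a parse-only validator."""
import ast
import os

DEMO_FLAG = "LANGFLOW_DEMO_EXECUTED"  # constructed marker, set only if the snippet actually ran

# Constructed, benign snippet. A default argument is evaluated when the def statement runs,
# so "validating" code with exec() executes it; that is why the endpoint must never run
# submitted code for an unauthenticated caller.
SNIPPET_WITH_DEFAULT = (
    "import os\n"
    "def component(value=os.environ.__setitem__('LANGFLOW_DEMO_EXECUTED', '1')):\n"
    "    return value\n"
)

def defined_functions(tree: ast.Module) -> list:
    """Names of top-level function definitions in a parsed module."""
    return [node.name for node in tree.body if isinstance(node, ast.FunctionDef)]

def validate_code_unsafe(source: str) -> dict:
    """The pattern the article describes: parse, compile, then exec the user's code.
    Any definition-time side effect (defaults, decorators, module-level statements) fires here."""
    tree = ast.parse(source)
    exec(compile(tree, "<user-code>", "exec"), {})
    return {"ok": True, "functions": defined_functions(tree)}

def validate_code_safe(source: str) -> dict:
    """Parse only: report structure and syntax errors without executing anything.
    Defense-in-depth suggestion added here; the upstream fix the article reports adds auth."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return {"ok": False, "error": f"line {exc.lineno}: {exc.msg}"}
    return {"ok": True, "functions": defined_functions(tree)}

def snippet_was_executed() -> bool:
    """True if the snippet's default argument ran and set the marker."""
    return os.environ.get(DEMO_FLAG) == "1"

def reset_marker() -> None:
    """Clear the marker so the demonstration can be repeated."""
    os.environ.pop(DEMO_FLAG, None)
```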

Langflow RCE Vulnerability Exploited

Cybercriminals have developed a systematic approach to exploiting vulnerable Langflow installations. They begin by scanning the internet with tools like Shodan or FOFA to identify publicly exposed Langflow servers. Once targets are identified, the attackers use an open-source proof-of-concept exploit from GitHub to gain remote shell access on vulnerable systems.

Following initial compromise, the attackers execute various reconnaissance commands, including whoami, printenv, cat /root/.bash_history, ip addr show, and systemctl status sshd, to gather system information.

The collected intelligence is transmitted back to command-and-control servers, likely to identify high-value targets for further exploitation.

The attack culminates with the deployment of a Trojan downloader script named "docker" that fetches and executes the Flodrix botnet payload from attacker-controlled infrastructure at IP address 80.66.75.1211. The downloader attempts to install architecture-specific variants of the botnet across multiple system types.

The Flodrix botnet represents an evolution of the LeetHozer malware family, incorporating advanced stealth techniques, including self-deletion and artifact removal, to evade detection. The malware employs string obfuscation using XOR encryption with the key "qE6MGAbI" to conceal its command-and-control server addresses.

Once installed, Flodrix establishes dual communication channels with its infrastructure using both the TCP and UDP protocols. The botnet can execute various distributed denial-of-service attacks, including the tcpraw, udpplain, handshake, tcplegit, ts3, and udp attack types, based on commands received from the control servers.

Additionally, the malware actively terminates competing processes and sends detailed system information to its operators via UDP notifications.

Organizations running Langflow should immediately upgrade to version 1.3.0 or later, which implements proper authentication requirements for the vulnerable endpoint. The patch adds a _current_user: CurrentActiveUser parameter that validates user sessions before permitting access to the code validation functionality.

System administrators should also restrict public access to Langflow endpoints, monitor for indicators of compromise, and scan for the presence of hidden files like .system_idle that the malware uses for persistence tracking.
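An added example (not from the article) of the three checks just listed, written in Python: the version comparison against 1.3.0, an allowlist filter over web-server access logs for POSTs to the vulnerable endpoint, and a directory walk for the .system_idle marker. The log format, the sample lines and the trusted networks are constructed assumptions.

```python
"""Defender checks for the Langflow campaign: version, endpoint exposure, persistence marker."""
import ipaddress
import os
import re
from typing import Iterable, List, Tuple

PATCHED_VERSION = (1, 3, 0)           # article: Langflow 1.3.0 and later are fixed
VULN_ENDPOINT = "/api/v1/validate/code"
PERSISTENCE_MARKER = ".system_idle"   # article: hidden file Flodrix uses for persistence tracking

# Constructed assumption: networks from which Langflow may legitimately be reached.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed access-log shape: client ip, two dashes, [timestamp], "request line", status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_version(text: str) -> Tuple[int, ...]:
    """'1.2.0' -> (1, 2, 0) so versions compare numerically rather than as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])

def is_vulnerable_version(text: str) -> bool:
    """Versions prior to 1.3.0 are affected by CVE-2025-3248."""
    return parse_version(text) < PATCHED_VERSION

def untrusted_validate_posts(lines: Iterable[str]) -> List[Tuple[str, int]]:
    """(ip, status) for each POST to the code-validation endpoint from outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST" or not m["path"].startswith(VULN_ENDPOINT):
            continue
        addr = ipaddress.ip_address(m["ip"])
        if not any(addr in net for net in TRUSTED_NETS):
            hits.append((m["ip"], int(m["status"])))
    return hits

def find_persistence_markers(root: str) -> List[str]:
    """Paths of every file named .system_idle below root (dotfiles are easy to miss with ls)."""
    return [os.path.join(d, PERSISTENCE_MARKER) for d, _, files in os.walk(root) if PERSISTENCE_MARKER in files]

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '10.0.0.5 - - [17/Jun/2025:10:01:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Jun/2025:10:02:44 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 88',
    '203.0.113.9 - - [17/Jun/2025:10:02:50 +0000] "GET /api/v1/flows HTTP/1.1" 401 0',
    '198.51.100.7 - - [17/Jun/2025:10:03:11 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    print(untrusted_validate_posts(SAMPLE_LOG))
```

A 200 on an untrusted POST is the line to triage first, since that is what a successful exploit against an unpatched server would look like in the log.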
