An active campaign is exploiting CVE-2025-3248, a critical vulnerability in Langflow versions before 1.3.0, to deliver the Flodrix botnet. Attackers use the flaw to execute downloader scripts on compromised servers, which then fetch and install the Flodrix malware. The vulnerability allows full system compromise, DDoS attacks, and potential data exfiltration. Organizations using vulnerable Langflow versions on public networks are at high risk. The attack chain involves reconnaissance, exploitation of the CVE, deployment of a downloader script, and execution of the Flodrix botnet payload. The malware employs anti-forensic techniques and can perform various DDoS attacks based on commands from its C&C server.

Author: AlienVault
Related Tags:
flodrix
cve-2025-3248
rce
DDoS
botnet
exploit
T1496
T1571
T1070
Associated Indicators: