Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

Summary:

Trend™ Research has identified an active campaign exploiting CVE-2025-3248 to deliver the Flodrix botnet. Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware.

CVE-2025-3248 (CVSS 9.8) is a critical vulnerability in Langflow versions before 1.3.0. Organizations running these versions on public networks are at critical risk, as the vulnerability is being actively exploited in the wild. Langflow’s broad adoption in prototyping and deploying intelligent automation makes vulnerable deployments attractive targets.

Successful exploitation lets the threat actors behind the Flodrix botnet fully compromise the system, launch DDoS attacks, and potentially cause loss or exposure of sensitive information hosted on affected Langflow servers.

Organizations running Langflow should immediately patch and upgrade to version 1.3.0 or later, restrict public access to Langflow endpoints, and monitor for indicators of compromise associated with the Flodrix botnet.
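
One way to triage a Langflow inventory against this guidance, as an added example that is not code from Trend Micro or Langflow. The inventory records, hostnames and priority scheme are constructed, and treating a pre-release of 1.3.0 as unpatched is a conservative assumption.

```python
import re

FIXED = (1, 3, 0)  # first fixed Langflow release, per the advisory text above

# Constructed sample inventory (hostnames use the reserved .example TLD).
INVENTORY = [
    {"host": "lf-dev.example", "version": "1.2.0", "public": False},
    {"host": "lf-demo.example", "version": "v1.1.4", "public": True},
    {"host": "lf-prod.example", "version": "1.3.0", "public": True},
    {"host": "lf-stage.example", "version": "1.3.0rc1", "public": True},
    {"host": "lf-old.example", "version": "unknown", "public": False},
]

# major.minor[.patch], optional pre-release tag (a/b/rc/dev), optional .postN
_VERSION = re.compile(
    r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.?(a|b|rc|dev)\.?\d*)?(?:\.post\d+)?$")

def is_vulnerable(version):
    """True if the version is before 1.3.0, None if it cannot be parsed."""
    m = _VERSION.match(version.strip().lower())
    if not m:
        return None
    release = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    if release != FIXED:
        return release < FIXED  # tuple compare, so 1.10.0 is newer than 1.3.0
    # Assumption: a pre-release of 1.3.0 is not known to carry the fix.
    return m.group(4) is not None

def triage(inventory):
    """Return (host, priority, action) rows, most urgent first."""
    rows = []
    for item in inventory:
        vuln = is_vulnerable(item["version"])
        if vuln is None:
            rows.append((item["host"], 1 if item["public"] else 2,
                         "verify version manually"))
        elif vuln and item["public"]:
            rows.append((item["host"], 0,
                         "upgrade now, restrict access, check for IoCs"))
        elif vuln:
            rows.append((item["host"], 1, "upgrade to 1.3.0 or later"))
        else:
            rows.append((item["host"], 3, "patched; keep access restricted"))
    return sorted(rows, key=lambda r: r[1])  # stable sort keeps input order in ties

if __name__ == "__main__":
    for host, priority, action in triage(INVENTORY):
        print(f"P{priority} {host}: {action}")
```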

Trend Micro customers are protected from exploitation attempts via available Trend Vision One™ Network Security rules and filters. Trend Vision One customers can also access hunting queries, threat insights, and threat intelligence reports to gain rich context and the latest updates on this attack. These protection details can be found at the end of this article.

To read the complete article, see:

Trend Micro Research Article

This post is licensed under CC BY 4.0 by the author.