Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware.
“Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware,” Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed Ibrahim, Sunil Bharti, and Shubham Singh said in a technical report published today.
The activity entails the exploitation of CVE-2025-3248 (CVSS score: 9.8), a missing authentication vulnerability in Langflow, a Python-based “visual framework” for building artificial intelligence (AI) applications.
Successful exploitation of the flaw could enable unauthenticated attackers to execute arbitrary code via crafted HTTP requests. It was patched by Langflow in March 2025 with version 1.3.0.
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) flagged the active exploitation of CVE-2025-3248 in the wild, with the SANS Technology Institute revealing that it detected exploit attempts against its honeypot servers.
The latest findings from Trend Micro show that threat actors are targeting unpatched internet-exposed Langflow instances leveraging a publicly-available proof-of-concept (PoC) code to conduct reconnaissance and drop a shell script downloader responsible for retrieving and executing the Flodrix botnet malware from “80.66.75[.]121:25565.”
Once installed, Flodrix sets up communications with a remote server to receive commands over TCP in order to launch distributed denial-of-service (DDoS) attacks against target IP addresses of interest. The botnet also supports connections over the TOR anonymity network.
“Since Langflow does not enforce input validation or sandboxing, these payloads are compiled and executed within the server’s context, leading to [remote code execution],” the researchers said. “Based on these steps, the attacker is likely profiling all vulnerable servers and uses the collected data to identify high-value targets for future infections.”
Trend Micro said it identified the unknown threat actors to be hosting different downloader scripts on the same host used to fetch Flodrix, suggesting that the campaign is undergoing active development.
Flodrix is assessed to be an evolution of another botnet called LeetHozer that’s linked to the Moobot group. The improved variant incorporates the ability to discreetly remove itself, minimize forensic traces, and complicate analysis efforts by obfuscating command-and-control (C2) server addresses and other important indicators.
“Another significant change is the introduction of new DDoS attack types, which are now also encrypted, adding a further layer of obfuscation,” Trend Micro said. “The new sample also notably enumerates the running processes by opening /proc directory to access all running processes.”
![[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them](https://i0.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBiVGjlhEJLRNcHIGwL4666MBx8VxwFmXtbbZtFZH-VxOqVXcRZR7296ET2xLrxRyJT17V4DDkH4U4IIWMLNr3BZVpAfh57AkoUYgfU4eSoxFGEVzrCNe8DNs2QCeeywHAiAElN3taa2vU-YyUKAdrJDEuQdf3hvaMji1GOtXzwjcH80k9Glt8D78WgS4/s728-rw-e365/webinar.jpg?w=728&resize=728,380&ssl=1 "[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them")
