Hackers Leverage Critical Langflow Flaw to Deploy Flodrix Botnet and Seize System Control

A sophisticated cyberattack campaign has emerged, exploiting a critical vulnerability in Langflow, a widely-used Python-based framework for building AI applications, to deploy the destructive Flodrix botnet.

Identified as CVE-2025-3248 and carrying a near-perfect CVSS score of 9.8, this unauthenticated remote code execution (RCE) flaw impacts Langflow versions prior to 1.3.0.

Unveiling a Severe RCE Vulnerability in Langflow

The vulnerability lies in the /api/v1/validate/code endpoint, which lacks proper input validation and sandboxing, enabling attackers to execute arbitrary Python code with minimal effort through a crafted POST request.

According to the report, this ease of exploitation has led to rapid weaponization, with over 1,600 internet-exposed Langflow instances at risk globally, as reported by cybersecurity experts at Trend Micro.

The flaw’s severity, together with Langflow’s popularity (evidenced by over 70,000 GitHub stars), makes it a prime target for malicious actors seeking to compromise systems and disrupt services.

The attack chain begins with attackers using reconnaissance tools like Shodan and FOFA to identify vulnerable Langflow servers exposed on public networks.

Leveraging publicly available proof-of-concept (PoC) exploits hosted on GitHub, these cybercriminals gain remote shell access, executing commands such as whoami and ip addr show to gather system intelligence.

This information is relayed to a command-and-control (C&C) server, after which a malicious downloader script, often disguised as “docker,” retrieves and installs the Flodrix botnet payload over TCP or the Tor network.

A Stealthy Threat with Devastating Capabilities

An evolution of the LeetHozer malware family, Flodrix is engineered for distributed denial-of-service (DDoS) attacks, supporting modes like tcpraw and udpplain.

Its advanced evasion tactics, including self-deletion unless specific parameters are met, XOR-based string obfuscation to hide C&C addresses, and deceptive child process naming, make it a formidable adversary.

Additionally, Flodrix avoids reinfection by checking for hidden files like .system_idle and wipes forensic traces, posing significant challenges to detection and mitigation.

The malware’s dual capability for DDoS attacks and potential data exfiltration heightens the risk of service disruption and sensitive information theft for organizations relying on Langflow for intelligent automation.

To counter this threat, immediate action is imperative. Organizations must upgrade to Langflow version 1.3.0 or later, which incorporates authentication through a _current_user: CurrentActiveUser parameter to secure the vulnerable endpoint.

Further protective measures include restricting public access to Langflow interfaces and vigilantly monitoring for indicators of compromise, such as anomalous network traffic or unexpected hidden files.
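As an added example (not the article's code and not Langflow's own), the checks below turn the mitigation advice into something a defender can run: a version comparison against 1.3.0, a scan of access-log lines for untrusted POSTs to the vulnerable endpoint, and a filesystem sweep for the .system_idle marker. It assumes a standard combined access-log format in front of Langflow; the sample log lines are constructed.

```python
# Added example (not from the article or Langflow): defender-side checks for the
# CVE-2025-3248 / Flodrix campaign. Combined access-log format and sample lines assumed.
import re
from pathlib import Path

VULN_ENDPOINT = "/api/v1/validate/code"   # endpoint named in the article
FIXED_VERSION = (1, 3, 0)                 # first release carrying the auth fix
REINFECTION_MARKER = ".system_idle"       # hidden file Flodrix checks before reinfecting

# Combined log format: src ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def langflow_is_vulnerable(version: str) -> bool:
    """True for any Langflow release before 1.3.0 (pre-release suffixes ignored)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(m.group(i) or 0) for i in (1, 2, 3))
    return (major, minor, patch) < FIXED_VERSION

def flag_validate_code_posts(log_lines, trusted_sources=frozenset()):
    """Return (src, timestamp, status) for every POST to the vulnerable endpoint
    from an address outside trusted_sources; query strings are ignored."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == VULN_ENDPOINT and m["src"] not in trusted_sources:
            hits.append((m["src"], m["ts"], int(m["status"])))
    return hits

def find_reinfection_markers(root):
    """Sorted paths of the hidden marker file anywhere under root (filesystem sweep)."""
    return sorted(str(p) for p in Path(root).rglob(REINFECTION_MARKER))

# Constructed sample log: two external POSTs to the endpoint, one internal, one unrelated GET.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2025:08:14:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Jun/2025:08:15:10 +0000] "GET /api/v1/flows HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Jun/2025:08:16:33 +0000] "POST /api/v1/validate/code?x=1 HTTP/1.1" 200 64',
    '10.0.0.5 - - [10/Jun/2025:08:17:00 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for src, ts, status in flag_validate_code_posts(SAMPLE_LOG, trusted_sources={"10.0.0.5"}):
        print(f"untrusted POST to {VULN_ENDPOINT} from {src} at {ts} (HTTP {status})")
```

Point find_reinfection_markers at the home and temp directories of the Langflow host rather than the whole filesystem to keep the sweep fast.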

This campaign highlights the urgent need for timely patching and robust network security in the face of evolving botnet threats exploiting open-source frameworks.

Indicators of Compromise (IOCs)

Below are the hashes associated with Flodrix samples identified by PolySwarm:
