Recent Langflow Vulnerability Exploited by Flodrix Botnet

A critical Langflow vulnerability tracked as CVE-2025-3248 has been exploited to ensnare devices in the Flodrix botnet.

Threat actors have been exploiting a recently patched Langflow vulnerability to ensnare devices in the Flodrix botnet, Trend Micro warned on Tuesday.

The flaw, tracked as CVE-2025-3248, started making headlines in early May, after the cybersecurity agency CISA added it to its Known Exploited Vulnerabilities (KEV) catalog.

The existence of the vulnerability, which can be exploited by a remote and unauthenticated attacker for arbitrary code execution, came to light in early April, after a patch was rolled out with the release of Langflow 1.3.0. 

Technical details and proof-of-concept (PoC) exploits started emerging roughly one week later. 

Langflow is a popular low-code development platform designed for the creation and deployment of AI agents and workflows. It has more than 70,000 stars on GitHub.

When CISA added CVE-2025-3248 to its KEV catalog, no information was available on the attacks exploiting the vulnerability. 

Trend Micro has now revealed that the security hole has been exploited in Flodrix botnet attacks. Specifically, attackers scanned the internet for vulnerable Langflow instances and then leveraged one of the publicly available PoC exploits to achieve shell access on the system and run various commands for reconnaissance purposes.

The threat actor then downloaded and executed the Flodrix malware on the compromised systems. Once up and running, the malware establishes a connection to its C&C server and waits for commands from its operator. The Flodrix botnet is mainly used to conduct DDoS attacks. 

According to Trend Micro, the malware used in these attacks is an evolution of the LeetHozer malware analyzed by Chinese security firm Qihoo 360 back in 2020. 

While there are several similarities to LeetHozer, there are also some differences, including different response headers, multiple configuration options, new DDoS attack types, and additional layers of obfuscation.

“This variant employs multiple stealth techniques, including self-deletion and artifact removal, to minimize forensic traces and hinder detection. It also uses string obfuscation to conceal command-and-control (C&C) server addresses and other critical indicators, complicating analysis efforts,” Trend Micro said.

Threat intelligence firm GreyNoise has seen more than 370 IP addresses attempting to exploit CVE-2025-3248 over the past month, with the most recent attempts seen by the company on June 12. 

At the time of writing, the Censys search engine shows more than 1,600 internet-exposed Langflow instances, but it’s unclear how many of them are actually vulnerable to attacks.

Related: Mirai Botnets Exploiting Wazuh Security Platform Vulnerability

Related: DanaBot Botnet Disrupted, 16 Suspects Charged

Related: US Announces Botnet Takedown, Charges Against Russian Administrators

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
