Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
An active campaign is exploiting CVE-2025-3248, a critical vulnerability in Langflow versions before 1.3.0, to deliver the Flodrix botnet. Attackers use the flaw to execute downloader scripts on compromised servers; these scripts then fetch and install the Flodrix malware. Successful exploitation can result in full system compromise, DDoS attacks, and potential data exfiltration. Organizations running vulnerable Langflow versions on public networks are at high risk. The attack chain consists of reconnaissance, exploitation of the CVE, deployment of a downloader script, and execution of the Flodrix botnet payload. The malware employs anti-forensic techniques and can perform various DDoS attacks based on commands from its C&C server.
OPENCTI LABELS:
botnet,exploit,rce,ddos,cve-2025-3248,flodrix,langflow