News Flodrix botnet targets vulnerable Langflow servers

Pierluigi Paganini
June 18, 2025

Attackers exploit CVE-2025-3248 in Langflow servers to deliver Flodrix botnet via downloader scripts, Trend Research reports.

Trend Research uncovered an ongoing campaign exploiting the vulnerability CVE-2025-3248 to deliver the Flodrix botnet. Attackers exploit the flaw to run scripts on Langflow servers, downloading and installing Flodrix malware.

“If the vulnerability is successfully exploited, threat actors behind the Flodrix botnet can cause full system compromise, DDoS attacks, and potential loss or exposure of sensitive information hosted on affected Langflow servers.” reads the report published by Trend Research.

In May, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Langflow flaw CVE-2025-3248 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.

Langflow is a popular tool used for building agentic AI workflows. 

CVE-2025-3248 is a code injection vulnerability in the /api/v1/validate/code endpoint. A remote, unauthenticated attacker can exploit it by sending crafted HTTP requests to execute arbitrary code. The flaw impacts versions prior to 1.3.0.

Researchers from cybersecurity firm Horizon3.ai discovered the vulnerability and pointed out that it is easily exploitable.

“Remote code execution is easy now – just stick the payload into a decorator. Here’s an example of landing a Python reverse shell, targeting a vulnerable host at 10.0.220.200.” reads a post published by Horizon3.ai.

“Interactive RCE is possible by raising an Exception from the decorator.”

After the CVE was published, another researcher published a POC exploit for this vulnerability that abused default arguments in Python functions. These are also modeled as expressions in Python and get executed when a function is defined.
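The two definition-time hooks the article mentions (a decorator and a default argument) are why "validating" Python by compiling and executing it is unsafe. The following is an added illustration, not Langflow's code or the researchers' PoC: `validate_by_exec` is a simplified model of the flawed pattern, `validate_by_ast` is the hardened form that only parses, and `mark` is a hypothetical helper that just records whether anything ran.

```python
import ast

# Module-level marker flipped by mark(); a validator that executes submitted
# code trips it even though the submitted function f() is never called.
_SIDE_EFFECT_FIRED = False

def mark():
    """Stand-in for any definition-time side effect (hypothetical helper)."""
    global _SIDE_EFFECT_FIRED
    _SIDE_EFFECT_FIRED = True
    return lambda fn: fn

def side_effect_fired() -> bool:
    return _SIDE_EFFECT_FIRED

def reset() -> None:
    global _SIDE_EFFECT_FIRED
    _SIDE_EFFECT_FIRED = False

# Constructed sample: the decorator call and the default argument are both
# evaluated when the def statement executes, not when f() is called.
SAMPLE = """
@mark()
def f(x=mark()):
    return x
"""

def validate_by_exec(code: str) -> dict:
    """Simplified model of the flawed pattern (not Langflow's code): compile
    and execute the snippet to check it, which runs definition-time code."""
    try:
        exec(compile(code, "<submitted>", "exec"), {"mark": mark})
        return {"valid": True, "errors": []}
    except Exception as e:  # syntax or runtime error in the submitted code
        return {"valid": False, "errors": [str(e)]}

def validate_by_ast(code: str) -> dict:
    """Hardened validator: build the AST only. Nothing in the snippet runs,
    yet syntax errors and declared functions/imports are still reported."""
    try:
        tree = ast.parse(code, filename="<submitted>")
    except SyntaxError as e:
        return {"valid": False, "errors": [f"line {e.lineno}: {e.msg}"],
                "functions": [], "imports": []}
    functions, imports = [], []
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            functions.append(node.name)
        elif isinstance(node, ast.Import):
            imports.extend(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            imports.append(node.module or "")
    return {"valid": True, "errors": [], "functions": functions, "imports": imports}
```

Parsing alone cannot tell you the code is harmless, only that it is syntactically valid; anything beyond that needs an isolated execution environment rather than the server's own interpreter.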

Trend Micro researchers spotted the attacker using an open-source code proof of concept (PoC) to target vulnerable systems and enable code execution and payload delivery. 

Threat actors exploit the public PoC code to install Flodrix malware, which can launch DDoS attacks.

The researchers reported that attackers are scanning the internet for unpatched Langflow servers, using tools like Shodan. Then attackers gain shell access and run bash commands for reconnaissance, gathering details like system users, environment variables, and network settings. Once satisfied, they download and execute the Flodrix botnet malware from a remote server. Flodrix connects to a C&C server, enabling DDoS attacks. If run with invalid parameters, the malware deletes itself, likely as a way to test target compatibility. The vulnerability stems from insecure Python code validation that allows unauthenticated code execution.

“The malware supports two communication channels with its C&C server: one over standard TCP and another over the Tor network. By default, it establishes a socket connection with the C&C server using the TCP channel.” states the report.

The analysis of the attack chain shows that after exploiting CVE-2025-3248, attackers run a bash script named “docker” that downloads and executes Flodrix botnet ELF binaries for various system types. The script checks system output to verify success and deletes the file if a specific message appears. It avoids killing critical system processes and uses multiple methods (wget, curl, tftp) to ensure file download. Once a file runs successfully, execution stops. The presence of several variants suggests ongoing development and multiple active campaigns.

The payload is a new LeetHozer malware variant using stealth tactics like self-deletion, artifact removal, and string obfuscation to evade detection and analysis.

“Notably, this version supports dual communication channels with its C&C infrastructure over both TCP and UDP channels. Once connected, it can receive commands over TCP to launch various distributed denial-of-service (DDoS) attacks.” continues the report.

Trend Micro experts observed that the Flodrix botnet sample shares traits with a known variant, like the XOR key and traffic structure, but also introduces notable changes. These include altered response headers, new encrypted DDoS attack types, and added configuration options. A major enhancement is process enumeration via the /proc directory. If suspicious processes are found (e.g., systemd, busybox, or those running from /tmp), the malware terminates them and sends detailed kill reports to its C&C via UDP on port 50445.

“The new sample also notably enumerates the running processes by opening the /proc directory to access all running processes. It iterates through the directory entries to filter out valid process identifiers (PIDs) and fetches detailed information about them, such as command names, execution paths, and command-line arguments.” concludes the report, which includes Indicators of Compromise (IOCs). “Then, the malware compares the running process with specific processes such as init, systemd, watchdog, busybox and /bin/busybox. Additionally, it checks if the process is running from the /tmp directory. If a process matches the conditions, it sends signals to terminate it and sends a notification message starting with “KILLDETAIL|” to the C&C over port 50445 over UDP with terminated process details.”

Once installed, Flodrix sets up communications with a remote server to receive commands over TCP in order to launch distributed denial-of-service (DDoS) attacks against target IP addresses of interest. The botnet also supports connections over the TOR anonymity network.
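A defender-side illustration, added here and not taken from the Trend Micro report: simple checks for two artifacts the article names, POST requests to /api/v1/validate/code in web-access logs and outbound UDP to port 50445 whose payload begins with KILLDETAIL|, plus a version check against the 1.3.0 fix. The log lines and flow records are constructed samples, and the version check assumes plain x.y.z release strings.

```python
import re

# Constructed web-access log lines (combined log format). Only the second
# line touches the vulnerable endpoint.
ACCESS_LOG = """\
203.0.113.7 - - [18/Jun/2025:10:00:01 +0000] "GET /api/v1/flows HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Jun/2025:10:00:02 +0000] "POST /api/v1/validate/code HTTP/1.1" 200 84 "-" "python-requests/2.31"
198.51.100.4 - - [18/Jun/2025:10:00:03 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/8.0"
"""

# Constructed UDP flow records: (src, dst, dst_port, first payload bytes).
# The second one mimics the kill report described in the article.
UDP_FLOWS = [
    ("10.0.0.5", "192.0.2.9", 53, b"\x12\x34\x01\x00"),
    ("10.0.0.5", "192.0.2.9", 50445, b"KILLDETAIL|1234|/tmp/x|busybox"),
]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def scan_access_log(text: str) -> list:
    """Return every POST to /api/v1/validate/code. On a server older than 1.3.0
    this endpoint needs no authentication, so each hit is worth triage."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == "/api/v1/validate/code":
            hits.append({"src": m["src"], "ts": m["ts"], "status": int(m["status"])})
    return hits

def scan_udp_flows(flows: list) -> list:
    """Return flows to UDP/50445 whose payload starts with the KILLDETAIL| prefix."""
    return [{"src": src, "dst": dst} for src, dst, port, payload in flows
            if port == 50445 and payload.startswith(b"KILLDETAIL|")]

def is_vulnerable_version(version: str) -> bool:
    """True for Langflow releases before 1.3.0 (assumes a plain x.y.z string)."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts < (1, 3, 0)
```

Legitimate Langflow users also call the validate endpoint, so treat the log hits as a hunting signal to correlate with version, source address and follow-on shell activity rather than as an alert on their own.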

“Since Langflow does not enforce input validation or sandboxing, these payloads are compiled and executed within the server’s context, leading to [remote code execution],” the researchers said. “Based on these steps, the attacker is likely profiling all vulnerable servers and uses the collected data to identify high-value targets for future infections.”

Trend Micro said it identified the unknown threat actors to be hosting different downloader scripts on the same host used to fetch Flodrix, suggesting that the campaign is undergoing active development.

Flodrix is assessed to be an evolution of another botnet called LeetHozer that’s linked to the Moobot group. The improved variant incorporates the ability to discreetly remove itself, minimize forensic traces, and complicate analysis efforts by obfuscating command-and-control (C2) server addresses and other important indicators.

“Another significant change is the introduction of new DDoS attack types, which are now also encrypted, adding a further layer of obfuscation,” Trend Micro said. “The new sample also notably enumerates the running processes by opening /proc directory to access all running processes.”
