Cybersecurity researchers have identified a campaign exploiting a critical security flaw (CVE-2025-3248) in Langflow that allows attackers to execute malicious scripts. The vulnerability, which received a high CVSS score of 9.8, was reported as being actively targeted by attackers using publicly available proof-of-concept (PoC) code. The exploitation process involves installing the Flodrix botnet malware, which can facilitate DDoS attacks. Langflow's lack of input validation exacerbates these risks, because payloads are executed within the server context. This highlights the critical need for timely software updates and rigorous security measures.
"Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware," Trend Micro researchers noted.
"The botnet also supports connections over the TOR anonymity network, indicating a level of sophistication in the threat actors' methods."