Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

    Date: 06/17/2025

    Severity: Medium

    Summary

    A critical vulnerability (CVE-2025-3248, CVSS 9.8) in Langflow versions prior to 1.3.0 is being actively exploited to deliver the Flodrix botnet. Attackers leverage this flaw to execute downloader scripts on compromised Langflow servers, enabling full system compromise, DDoS attacks, and potential data exposure. Due to Langflow’s widespread use in intelligent automation, vulnerable deployments are high-value targets. Organizations are urged to immediately upgrade to version 1.3.0 or later, restrict public access to Langflow endpoints, and monitor for signs of Flodrix infection.

    Indicators of Compromise (IOC) List

    IP Address

    80.66.75.121

    188.166.68.21

    206.71.149.179

    45.61.137.226

    Hash

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    dstipaddress IN ("188.166.68.21","80.66.75.121","206.71.149.179","45.61.137.226") or srcipaddress IN ("188.166.68.21","80.66.75.121","206.71.149.179","45.61.137.226")
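
Detection Query 1 reproduced outside the TDIR platform, as an added example (not Gurucul's or the referenced advisory's code): it compares parsed addresses rather than substrings, so an IPv4-mapped IPv6 form or an `ip:port` field still matches and a look-alike such as 180.66.75.121 does not. The key=value log layout and the sample records are constructed assumptions; only the field names `srcipaddress`/`dstipaddress` and the four IPs come from this page.

```python
import ipaddress
import re

# IP indicators exactly as listed in the advisory and in Detection Query 1.
IOC_IPS = {ipaddress.ip_address(a) for a in (
    "80.66.75.121", "188.166.68.21", "206.71.149.179", "45.61.137.226")}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="value"

def normalize(value):
    """Parse an address field; drop an ip:port suffix, unwrap ::ffff:a.b.c.d."""
    value = value.strip('"')
    if value.count(":") == 1:              # IPv4 with a port appended
        value = value.split(":")[0]
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None                        # empty or malformed field
    return getattr(ip, "ipv4_mapped", None) or ip

def match_line(line):
    """Apply Detection Query 1 to one record; return a finding dict or None."""
    fields = dict(FIELD.findall(line))
    src = normalize(fields.get("srcipaddress", ""))
    dst = normalize(fields.get("dstipaddress", ""))
    if dst in IOC_IPS:   # monitored host contacted a listed address
        return {"direction": "outbound", "ioc": str(dst), "peer": str(src)}
    if src in IOC_IPS:   # listed address contacted the monitored host
        return {"direction": "inbound", "ioc": str(src), "peer": str(dst)}
    return None

def scan(lines):
    """Return (line_number, finding) for every matching record."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := match_line(line))]

# Constructed sample records (not from the advisory); 10.0.0.5 is a made-up host.
SAMPLE_LOG = """\
ts=2025-06-17T10:01:02Z srcipaddress=10.0.0.5 dstipaddress=80.66.75.121
ts=2025-06-17T10:01:09Z srcipaddress=::ffff:45.61.137.226 dstipaddress=10.0.0.5
ts=2025-06-17T10:02:00Z srcipaddress=10.0.0.5 dstipaddress=180.66.75.121
ts=2025-06-17T10:02:30Z srcipaddress="206.71.149.179:51544" dstipaddress=10.0.0.5
"""

if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG.splitlines()):
        print(n, finding)
```
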

    Detection Query 2:

    sha256hash

    Reference:    

    https://www.trendmicro.com/en_us/research/25/f/langflow-vulnerability-flodric-botnet.html


    Tags

    Malware, Vulnerability, Flodrix, Botnet, CVE-2025, Langflow, Exploit, DDoS Attacks
