The Reveal Platform
Intel Name: Critical langflow vulnerability (cve-2025-3248) actively exploited to deliver flodrix botnet
Date of Scan: June 17, 2025
Impact: Medium
Summary: A critical vulnerability (CVE-2025-3248, CVSS 9.8) in Langflow versions prior to 1.3.0 is being actively exploited to deliver the Flodrix botnet. Attackers leverage this flaw to execute downloader scripts on compromised Langflow servers, enabling full system compromise, DDoS attacks, and potential data exposure. Due to Langflow’s widespread use in intelligent automation, vulnerable deployments are high-value targets. Organizations are urged to immediately upgrade to version 1.3.0 or later, restrict public access to Langflow endpoints, and monitor for signs of Flodrix infection.
