An unpatched zero-day vulnerability in Langflow, a widely used python-based visual framework to develop AI applications, being exploited actively by threat actors to hijack systems with its deadly Flodrix botnet and serve them unspeakable.
Tagged as CVE-2025-3248 with a critical severity score of 9.8 on the CVSS scale, the software bug permits unauthenticated remote code execution (RCE) on impacted Langflow servers.
Researchers at cybersecurity firms such as Trend Micro and Horizon3 discovered them. ai, have witnessed active campaigns exploiting the vulnerability. Per the researcher, the attackers are taking advantage of an authentication bypass issue in the Langflow’s /api/v1/validate/code endpoint.
This endpoint is designed for validating Python code fragments and does not properly validate user supplied code leading to remote code execution on the server (without valid authentication) Where code has been constructed using the following construction: 1. ’\’ 2. ‘ character.
A successful exploit allows the attackers to take full control of the system, e.g., to mount Distributed Denial of Service (DDoS) attacks, and possibly to exfiltrate sensitive data that are stored on the compromised Langflow servers. On May 5, 2025, CVE-2025-3248 was added to CISA’s Known Exploited Vulnerabilities (KEV) list, indicating the severity of the threat.
Langflow becomes very attractive targets since they are widely-used for prototyping and deploying intelligent automation projects. LangFlow addressed this issue in version 1.3.0, released in March 2025, by requiring authentication for the affected endpoint, however, many instances of langflow exposed to the internet are currently unpatched and at risk.
As the affected groups reported Langflow versions < 1.3.0 at the time of detection, organizations which employ Langflow versions lower than 1.3.0 are recommended to update as soon as feasible, limit public access to Langflow endpoints, and check for signs of a compromise tied to the Flodrix botnet. The ongoing activity is a reminder of the need for timely patching and sound security practices, particularly when it comes to popular development frameworks in the growing realm of AI.
