CVE-2025-3248 is an unauthenticated remote code execution (RCE) vulnerability in Langflow, a popular Python-based framework for building AI applications. The flaw lies in the code validation endpoint, which fails to enforce authentication or sandboxing when parsing and executing user-supplied Python code. Attackers exploit this by sending crafted POST requests with embedded Python payloads, triggering code execution via ast.parse(), compile(), and exec().
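To make the weakness concrete, the following is an added illustration (not Langflow's own code) of a code-validation routine written two ways: one that parses, compiles and executes the submitted source to "validate" it, so any top-level statement runs on the server, and a hardened one that only parses the AST and never executes anything. The sample submissions and the SIDE_EFFECT_LOG recorder are constructed for the demonstration; the missing authentication check the advisory describes is a separate control that this snippet does not model.

```python
import ast

# Constructed for the demo: the unsafe validator executes submissions with this
# module's globals, so a submission can reach this list and mutate it.
SIDE_EFFECT_LOG = []

# Constructed sample submissions: the first is syntactically valid but carries a
# top-level statement with a side effect; the second is malformed.
VALID_WITH_SIDE_EFFECT = "SIDE_EFFECT_LOG.append('ran')\ndef f(x):\n    return x + 1\n"
BROKEN = "def f(x:\n    return x\n"


def _function_names(tree: ast.Module) -> list:
    """Collect top-level function names by walking the AST, without running it."""
    return [node.name for node in tree.body if isinstance(node, ast.FunctionDef)]


def validate_code_unsafe(code: str) -> dict:
    """Weak pattern: parse, compile and exec the submission just to validate it.
    Every top-level statement in the submission runs in the server process."""
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return {"valid": False, "error": str(exc)}
    exec(compile(tree, "<submitted>", "exec"), globals())  # executes user input
    return {"valid": True, "functions": _function_names(tree)}


def validate_code_safe(code: str) -> dict:
    """Hardened form: a syntax check is a parse, not an execution. Syntax errors
    are reported and function names are read from the AST; nothing is compiled
    or executed, so the submission cannot produce side effects here."""
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return {"valid": False, "error": str(exc)}
    return {"valid": True, "functions": _function_names(tree)}
```

Running the same submission through both validators shows the difference: the safe version reports the function name and leaves SIDE_EFFECT_LOG empty, while the unsafe version returns the same result but has already executed the submission's top-level statement.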
Once a host is compromised, the attackers deploy downloader scripts, named "docker" and "deez" in the observed campaign, which fetch multi-architecture variants of the Flodrix malware. Flodrix, an evolution of the LeetHozer family, establishes TCP and UDP C2 channels and executes commands for DDoS attacks, self-deletion, anti-debugging, and process termination. It also sends periodic heartbeat signals and can parse and act upon encrypted C2 configurations. The campaign infrastructure includes multiple active download scripts and evolving malware samples.