

The following table shows the structure of the UDP notification traffic:

KILLDETAIL|PID|PPID|SIGNAL|COMM|EXE|CWD|CMDLINE|SOCKET_COUNT

| Field | Source |
| --- | --- |
| KILLDETAIL | Hardcoded value |
| PID (Process ID) | Taken from the PID entry in the /proc directory |
| PPID (Parent Process ID) | Read from the /proc/%d/stat file with the %c %d options |
| SIGNAL (Action) | Hardcoded values. Possible values (2,3,4,5,8,9) |
| COMM (Process Name) | Read from the /proc/%d/comm file |
| EXE (Process Executable Path) | Read from the /proc/%d/exe file |
| CWD (Current Working Directory) | Read from the /proc/%d/cwd file |
| CMDLINE (Command Line) | Read from the /proc/%d/cmdline file |
| SOCKET_COUNT (Number of sockets) | Read from the /proc/%d/fd/%s file |

Table 6. UDP notification request anatomy
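For detection or triage of captured traffic, the layout in Table 6 can be parsed as shown in this added example, which is not code from the original research. It assumes the fields are sent as text in the order shown, that numeric fields are decimal, and that the message ends at SOCKET_COUNT; the names parse_killdetail and KillDetail and the sample payloads are constructed for illustration.

```python
# Added example: parser for the pipe-delimited notification laid out in Table 6.
# Assumptions (not stated in the post): text encoding, decimal numbers, and
# SOCKET_COUNT as the final field.
from typing import NamedTuple, Optional

MARKER = "KILLDETAIL"
KNOWN_SIGNALS = {2, 3, 4, 5, 8, 9}  # signal values listed in Table 6


class KillDetail(NamedTuple):
    pid: int
    ppid: int
    signal: int
    comm: str
    exe: str
    cwd: str
    cmdline: str
    socket_count: int


def parse_killdetail(payload: bytes) -> Optional[KillDetail]:
    """Return a KillDetail if the UDP payload fits the Table 6 layout, else None."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    # Take the seven leading fields from the left and SOCKET_COUNT from the
    # right, so a '|' inside CMDLINE (a shell pipeline) does not shift fields.
    head = text.split("|", 7)
    if len(head) != 8 or head[0] != MARKER:
        return None
    cmdline, sep, count = head[7].rpartition("|")
    if not sep:
        return None
    try:
        pid, ppid, signal = int(head[1]), int(head[2]), int(head[3])
        sockets = int(count)
    except ValueError:
        return None
    if signal not in KNOWN_SIGNALS or pid <= 0 or sockets < 0:
        return None
    # /proc/<pid>/cmdline separates arguments with NUL bytes; show them as spaces.
    cmdline = cmdline.replace("\x00", " ").strip()
    return KillDetail(pid, ppid, signal, head[4], head[5], head[6], cmdline, sockets)


# Constructed sample payloads (not captured traffic).
SAMPLE = b"KILLDETAIL|4242|1|9|busybox|/bin/busybox|/tmp|sh -c cat /tmp/x | sh|3"
BAD_SIGNAL = b"KILLDETAIL|4242|1|7|busybox|/bin/busybox|/tmp|sh|3"

if __name__ == "__main__":
    print(parse_killdetail(SAMPLE))
    print(parse_killdetail(BAD_SIGNAL))
```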
Proactive security with Trend Vision One™
Trend Vision One™ is the only AI-powered enterprise cybersecurity platform that centralizes cyber risk exposure management, security operations, and robust layered protection. This comprehensive approach helps you predict and prevent threats, accelerating proactive security outcomes across your entire digital estate.
Backed by decades of cybersecurity leadership and Trend Cybertron, the industry’s first proactive cybersecurity AI, it delivers proven results: a 92% reduction in ransomware risk and a 99% reduction in detection time. Security leaders can benchmark their posture and showcase continuous improvement to stakeholders.
Trend protections for CVE-2025-3248
The following protections have been available to Trend Micro customers:
Trend Vision One™ Network Security
- TippingPoint Intrusion Prevention Filters:
  - 46063: TCP: Trojan.Linux.FlodrixBot.A Runtime Detection
  - 46064: UDP: Trojan.Linux.FlodrixBot.A Runtime Detection
  - 45744: HTTP: Langflow Code Injection Vulnerability
- Deep Discovery Inspector (DDI) Relevance Rule: 5411: CVE-2025-3248 – LANGFLOW RCE – HTTP (Request)
Trend Micro™ Threat Intelligence
To stay ahead of evolving threats, Trend customers can access Trend Vision One™ Threat Insights, which provides the latest insights from Trend Research on emerging threats and threat actors.
Trend Vision One Threat Insights
Emerging Threats: Critical Langflow Vulnerability [CVE-2025-3248] Actively Exploited to Deliver Flodrix Botnet
Hunting Queries
Trend Vision One Search App
Trend Vision One customers can use the Search App to match or hunt the malicious indicators mentioned in this blog post with data in their environment.
C&C connections of Flodrix Botnet
eventSubId:602 AND objectIp:(80.66.75.121 OR 45.61.137.226 OR 206.71.149.179 OR 188.166.68.21)
More hunting queries are available for Vision One customers with Threat Insights Entitlement enabled.
Indicators of Compromise (IOCs)
You can find the IoCs for this blog here.