

SANS Stormcast Monday April 14th: Langflow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub
Apr 14, 2025
There's a surge of exploit attempts targeting a recent vulnerability in Langflow, particularly from Tor endpoints. Fortinet uncovered threats exploiting system weaknesses, leading to new updates for improved security. Microsoft clarified that its latest patches intentionally created the inetpub directory, urging users not to delete it. The discussion also touches on the implications of patch management and highlights the importance of security measures in the evolving cyber landscape.
AI Snips
Langflow Attacks Increase
- Exploit attempts for Langflow AI vulnerability (CVE-2025-3248) have increased significantly.
- The requests originate from Tor endpoints, suggesting a single source or botnet.
Langflow Vulnerability Explained
- The Langflow vulnerability allows remote code execution via an unauthenticated API endpoint.
- Attackers inject Python code, potentially compromising connected AI workflows.
Update Langflow
- Update your Langflow instance if you're self-hosting.
- The vulnerability was patched in March, but not publicly acknowledged by Langflow.