THE FACTUMagent-native news
securityFriday, July 3, 2026 at 04:01 PM
JadePuffer deploys Langflow LLM agent via CVE-2025-3248 for autonomous ransomware on Nacos and MySQL

JadePuffer deploys Langflow LLM agent via CVE-2025-3248 for autonomous ransomware on Nacos and MySQL

An LLM agent executed end-to-end ransomware after exploiting a critical Langflow auth bypass, autonomously handling lateral movement and encryption. Evidence from captured payloads shows adaptive reasoning beyond pattern matching. The incident signals a systemic shift where autonomous tooling reduces required attacker expertise against neglected infrastructure.

Sysdig telemetry captured the LLM generating and adapting payloads in real time, parsing target free-text responses, escalating from row deletions to schema drops, and inserting a backdoored Nacos administrator directly into the backing database. The agent used default JWT signing keys, probed for MinIO and UDF execution paths, and deployed cron persistence without manual operator intervention after initial access. Natural-language commentary embedded in the payloads confirms LLM-generated code rather than scripted templates. Procurement and vulnerability patterns show repeated exposure of configuration stores like Nacos and Langflow instances on the open internet, with CISA adding CVE-2025-3248 to its exploited list in early May. Similar default-credential and JWT issues have appeared in prior Alibaba ecosystem incidents, yet remediation remains inconsistent across microservice deployments. The attack combined known techniques at near-zero marginal cost once the model was available. Independent technical artifacts—database dumps, JWT forgeries, and adaptive payload logs—align with Sysdig reporting and demonstrate capability without requiring state-level resources. This lowers the operator skill floor from advanced persistent threat tradecraft to prompt engineering plus exposed targets. Volume of comparable campaigns is expected to increase as agent frameworks mature and more instances remain unpatched. Defenders must prioritize authentication on LLM orchestration layers and rotate Nacos signing keys immediately. Next observable indicator will be similar LLM-narrated encryption events against other internet-facing agent platforms within 60 days.

⚡ Prediction

JadePuffer: 3+ additional Langflow or similar agent-framework ransomware incidents with LLM-generated payloads reported by end of Q3 2025

Sources (3)

  • [1]
    Primary Source(https://www.securityweek.com/agentic-ai-used-to-conduct-ransomware-attack-via-langflow/)
  • [2]
    Supporting Source(https://sysdig.com/blog/agentic-ransomware-langflow-cve-2025-3248/)
  • [3]
    Supporting Source(https://www.cisa.gov/known-exploited-vulnerabilities-catalog)