securityaffairs.com 7/3/2026, 12:32:57 PM · external

JADEPUFFER AI ransomware exploits Langflow flaw CVE-2025-3248

JADEPUFFER AI ransomware exploits Langflow flaw CVE-2025-3248
Developing story campaign 2 articles tracked
AI-driven ransomware attack exploits Langflow vulnerability (CVE-2025-3248)
CyberSIXT Evidence Panel
Primary Source sysdig.com
CISA KEV Listed in KEV
Patch Patch Available

SYSDIG'S Threat Research Team revealed the first documented end-to-end AI-driven ransomware operation, named JADEPUFFER. This operation leveraged a vulnerability in Langflow (CVE-2025-3248) to conduct a fully automated attack without human intervention, including credential theft, lateral movement, and data encryption. JADEPUFFER employed adaptive methods to exploit vulnerabilities in a MySQL database and Nacos configuration service, showcasing remarkable capability through self-correcting tactics.

The report emphasizes the significant threat posed by AI in cybersecurity, indicating that skilled human oversight may no longer be necessary for complex ransomware operations.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline