CVE Alert: CVE-2025-11899 – Flowring Technology – Agentflow
CVE-2025-11899
HIGH · No exploitation known
Agentflow developed by Flowring has a Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. An attacker must first obtain a user ID in order to exploit this vulnerability.
CVSS v3.1 (8.1)
AV NETWORK · AC HIGH · PR NONE · UI NONE · S UNCHANGED
Vendor
Flowring Technology
Product
Agentflow
Versions
4.0
CWE
CWE-321 Use of Hard-coded Cryptographic Key
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Published
2025-10-17T03:44:54.733Z
Updated
2025-10-17T03:44:54.733Z
AI Summary Analysis
Detection ideas
- Unauthorised logins to multiple user accounts from external sources using verification data tied to the fixed key.
- Authentication events showing successful logins with no user interaction or anomalous verification token patterns.
- Sudden spikes of access attempts to admin/sensitive areas from new or unusual IPs.
- Logs showing key usage or verification data that is unusual for normal operation.
- Post-compromise activity indicating credential abuse or account takeovers.
Mitigation and prioritisation
- Apply vendor patch immediately; patch is available via CRM.
- Rotate or revoke the hard-coded key; implement dynamic, managed keys (HSM/KMS).
- Enforce MFA for all users and restrict network exposure to authentication endpoints.
- Implement network controls and rate-limiting on login paths; enhance logging and SIEM monitoring for anomalous verification flows.
- Plan patch in a defined window; verify success and re-scan; adjust change management accordingly. If KEV or EPSS indicators arise, escalate to priority 1.