CVE Alert: CVE-2025-11898 – Flowring Technology – Agentflow

CVE-2025-11898

HIGH · No exploitation known

Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

CVSS v3.1 (7.5)
AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED
Vendor: Flowring Technology
Product: Agentflow
Versions: 4.0
CWE: CWE-23 Relative Path Traversal
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: 2025-10-17T03:41:53.022Z
Updated: 2025-10-17T03:41:53.022Z

AI Summary Analysis

Risk verdict

High risk: unauthenticated remote arbitrary file reading via path traversal, with immediate remediation advisable.

Why this matters

An attacker can access sensitive host or application files without credentials, potentially exposing configs, secrets, or other critical data. In enterprise deployments, this can enable data leakage, credential access, or a foothold for broader intrusions, especially where agents are internet-exposed or poorly isolated.

Most likely attack path

Exploitation requires no user interaction or privileges and uses network access to a Flowring Agentflow instance. The attacker can attempt relative path traversal from external requests, reading arbitrary files if the server accepts unsanitised paths. Once file contents are obtained, they may be used for further access or exfiltration; scope remains unchanged, limiting impact to the Agentflow boundary but enabling potential data disclosure.

Who is most exposed

Organizations running Agentflow on internet-facing hosts or in environments with weak file-access controls are at greatest risk, particularly where file system permissions or tenant boundaries are not tightly enforced.

Detection ideas

  • Logs show requests with ../../ or encoded path traversal patterns targeting sensitive paths.
  • Access to non-web-root or system files from Agentflow endpoints.
  • Spikes in data download activity or unusual file retrieval patterns.
  • Repeated 404/403 or error responses tied to traversal-like requests.
  • External IP addresses sending requests to the affected endpoint without valid authentication.
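The detection ideas above can be turned into a small log-scanning routine. The following is an added example, not code from the advisory or from Flowring; it assumes Combined Log Format access logs and a hypothetical `/agentflow/download?file=` endpoint (the advisory does not name the vulnerable endpoint), and the log lines are constructed samples. It decodes each request target repeatedly (so double-encoded `%252e%252e%252f` is caught), folds backslashes to slashes, flags any `..` segment, and then counts attempts and error responses per source address to surface the repeated 403/404 probing pattern.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Combined Log Format); not from a real Agentflow host.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Oct/2025:03:41:53 +0000] "GET /agentflow/download?file=report.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Oct/2025:03:41:54 +0000] "GET /agentflow/download?file=../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.9 - - [17/Oct/2025:03:42:10 +0000] "GET /agentflow/download?file=%2e%2e%2f%2e%2e%2fWEB-INF%2fweb.xml HTTP/1.1" 404 312 "-" "python-requests/2.31"
198.51.100.9 - - [17/Oct/2025:03:42:11 +0000] "GET /agentflow/download?file=%252e%252e%252fwin.ini HTTP/1.1" 403 180 "-" "python-requests/2.31"
192.0.2.5 - - [17/Oct/2025:03:45:00 +0000] "GET /agentflow/static/app.css HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# Minimal Combined Log Format parser: source IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise_target(target: str, rounds: int = 3) -> str:
    """Percent-decode until stable (catches double encoding) and fold backslashes to slashes."""
    decoded = target
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal(target: str) -> bool:
    """True if any path or query-value segment is exactly '..' after decoding."""
    segments = re.split(r"[/?&=]", normalise_target(target))
    return any(seg == ".." for seg in segments)


def scan_access_log(text: str) -> list:
    """Return one record per request whose target contains a traversal segment."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_traversal(m["target"]):
            hits.append({"ip": m["ip"], "target": m["target"], "status": int(m["status"])})
    return hits


def summarise_by_ip(hits: list) -> dict:
    """Count traversal attempts and 4xx/5xx responses per source IP to spot repeated probing."""
    summary = {}
    for h in hits:
        s = summary.setdefault(h["ip"], {"attempts": 0, "errors": 0})
        s["attempts"] += 1
        if h["status"] >= 400:
            s["errors"] += 1
    return summary


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
    print(summarise_by_ip(scan_access_log(SAMPLE_LOG)))
```

The successful 200 response with a non-trivial byte count on a traversal request is the record worth escalating first; the 403/404 series from the second address is the probing signal the advisory describes. Matching on decoded `..` segments rather than on the literal string `../` is what keeps encoded and backslash variants from slipping past the rule.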

Mitigation and prioritisation

  • Apply the vendor's patched release (obtained via CRM) and verify deployment on affected 4.0 instances.
  • Enforce strict input validation and canonicalise/validate file paths on the server side.
  • Deploy web application firewall rules to block path traversal patterns; disable directory listing where applicable.
  • Tighten network segmentation and limit exposure of Agentflow to trusted networks.
  • Change-management: test patch in staging, validate file-read protections, and roll out promptly. If KEV true or EPSS ≥ 0.5, treat as priority 1.
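The server-side canonicalisation the second mitigation item calls for is easy to get subtly wrong, so here is an added example of the weak pattern beside a hardened resolver. This is illustrative code, not Agentflow's implementation (the advisory does not show how the product builds file paths); `unsafe_join`, `resolve_download_path` and the document-root layout are assumptions. The hardened version decodes the input, rejects NUL bytes, resolves the candidate path with symlinks followed, and only then checks that it still lies inside the document root.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested filename resolves outside the document root."""


def unsafe_join(base_dir: str, requested: str) -> str:
    """The weak pattern: concatenate user input onto a base directory.
    '..' segments walk out of base_dir, and an absolute path replaces it entirely."""
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_download_path(base_dir: str, requested: str) -> Path:
    """Hardened resolution: decode, reject control characters, canonicalise,
    and require the result to be inside base_dir after symlinks are followed."""
    decoded = unquote(unquote(requested))  # tolerate double-encoded input before checking
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in filename")
    base = Path(base_dir).resolve()
    # An absolute 'decoded' would discard 'base' here; relative_to() below rejects that case.
    candidate = (base / decoded.replace("\\", "/")).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathTraversalError(f"{requested!r} escapes {base}") from None
    if not candidate.is_file():
        raise FileNotFoundError(candidate)
    return candidate


def demo() -> dict:
    """Build a throwaway document root with one file and run the hardened resolver
    over benign, traversal, encoded-traversal, absolute and missing-file requests."""
    root = tempfile.mkdtemp(prefix="agentflow-docs-")  # constructed document root
    (Path(root) / "report.pdf").write_bytes(b"%PDF-constructed sample")
    requests = [
        "report.pdf",
        "../../../../../../../../etc/passwd",
        "%2e%2e%2f%2e%2e%2fetc%2fpasswd",
        "/etc/passwd",
        "missing.pdf",
    ]
    outcomes = {}
    for req in requests:
        try:
            outcomes[req] = str(resolve_download_path(root, req))
        except (PathTraversalError, FileNotFoundError) as exc:
            outcomes[req] = f"rejected: {type(exc).__name__}"
    return outcomes


if __name__ == "__main__":
    print(unsafe_join("/srv/agentflow/docs", "../../../etc/passwd"))  # walks out of the root
    for req, outcome in demo().items():
        print(f"{req!r:45} -> {outcome}")
```

The check is done on the fully resolved path rather than on the raw string, so a blocklist of `../` patterns is not needed on the server side; the WAF rule from the next item is defence in depth, not the primary control. Returning a generic error for both the traversal and missing-file cases in production avoids confirming which paths exist.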
