Home

Description

Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain an user ID in order to exploit this vulnerability.

PUBLISHED Reserved 2025-10-17 | Published 2025-10-17 | Updated 2025-10-17 | Assigner twcert




CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-321 Use of Hard-coded Cryptographic Key

Product status

Default status
unaffected

4.0
affected

References

www.twcert.org.tw/tw/cp-132-10438-1173e-1.html third-party-advisory

www.twcert.org.tw/en/cp-139-10439-0bd15-2.html third-party-advisory

cve.org (CVE-2025-11899)

nvd.nist.gov (CVE-2025-11899)

Download JSON