CVE-2025-11899
Published: 17 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11899 is a Use of Hard-coded Cryptographic Key vulnerability (CWE-321) in Agentflow, a product developed by Flowring. The flaw stems from a fixed cryptographic key that unauthenticated remote attackers can exploit to generate verification information, enabling login to the system as any user. Published on 2025-10-17, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to significant impacts on confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability over the network, though it requires high attack complexity and prior knowledge of a valid user ID. Successful exploitation allows attackers to impersonate any user on the system, potentially leading to full unauthorized access, data exfiltration, modification of system resources, or disruption of services.
TWCERT advisories provide further details on the vulnerability, available at https://www.twcert.org.tw/en/cp-139-10439-0bd15-2.html and https://www.twcert.org.tw/tw/cp-132-10438-1173e-1.html. Practitioners should consult these for recommended mitigations, such as key rotation or patching if available from Flowring.
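An added illustration of the CWE-321 pattern summarized above; it is not Agentflow code and not taken from the advisory, and the product's actual verification format is not described on this page. The HMAC scheme, `SHIPPED_KEY`, `Deployment` and `load_deployment_key` are all constructed for this example, which contrasts a key shared by every installation with a per-deployment key guarded by a startup check that rejects the shipped default.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed constant standing in for a key compiled into every shipped copy.
SHIPPED_KEY = b"constructed-example-key-not-from-any-product"


def sign(key: bytes, user_id: str) -> str:
    """Return the verification value a server would issue for user_id."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()


def verify(key: bytes, user_id: str, tag: str) -> bool:
    """Constant-time check of a presented verification value."""
    return hmac.compare_digest(sign(key, user_id), tag)


class Deployment:
    """One installation; `key` is the only secret behind user verification."""

    def __init__(self, key: bytes):
        self.key = key

    def accepts(self, user_id: str, tag: str) -> bool:
        return verify(self.key, user_id, tag)


def load_deployment_key(configured: Optional[bytes]) -> bytes:
    """Hardened loader: refuse a missing, short, or shipped-default key."""
    if not configured or len(configured) < 32:
        raise ValueError("per-deployment key missing or shorter than 32 bytes")
    if hmac.compare_digest(configured, SHIPPED_KEY):
        raise ValueError("shipped default key must be replaced")
    return configured


def tag_from_other_install_accepted(key_a: bytes, key_b: bytes, user_id: str) -> bool:
    """Does a value computed under install A's key pass verification on install B?"""
    return Deployment(key_b).accepts(user_id, sign(key_a, user_id))


# Weak setting: both installs run with the constant from the shipped binary,
# so the key protects nothing that a user ID alone does not already reveal.
weak = tag_from_other_install_accepted(SHIPPED_KEY, SHIPPED_KEY, "alice")
# Hardened setting: each install generates its own random key at setup time.
key_a = load_deployment_key(secrets.token_bytes(32))
key_b = load_deployment_key(secrets.token_bytes(32))
hardened = tag_from_other_install_accepted(key_a, key_b, "alice")
```

With the shared constant, a verification value is valid on every installation; with per-deployment keys it is valid only where it was issued, and the loader fails closed if the default is still configured.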
Details
- CWE(s): CWE-321 (Use of Hard-coded Cryptographic Key)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated remote exploitation of a public-facing application (Agentflow) via a hard-coded cryptographic key to impersonate any user and gain unauthorized access.