CVE-2025-11899

Agentflow · Agentflow Multiple Products

A critical vulnerability has been identified in multiple Agentflow products, assigned CVE-2025-11899.

Executive summary

A critical vulnerability has been identified in multiple Agentflow products, assigned CVE-2025-11899. The software uses a fixed, hard-coded cryptographic key for user authentication, which allows a remote, unauthenticated attacker to bypass security measures and log into the system as any user, including administrators. Successful exploitation could lead to a complete compromise of the affected system, resulting in data theft, unauthorized modifications, and business process disruption.

Vulnerability

The vulnerability exists due to the use of a static, hard-coded cryptographic key within the application's code. Because the key ships with every installation, an attacker can reverse-engineer the software to recover it. Once obtained, the attacker can use the key to craft valid authentication tokens or other verification data, effectively impersonating any legitimate user without needing their credentials. This allows a remote, unauthenticated attacker to gain unauthorized access to the system with the privileges of the impersonated user.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.1. Exploitation could have a severe impact on the business by enabling a complete compromise of the Agentflow system. An attacker gaining administrative access could lead to the theft of sensitive business data, unauthorized modification or deletion of critical records, and disruption of workflows managed by the software. This poses a significant risk to data confidentiality, integrity, and availability, potentially resulting in financial loss, reputational damage, and regulatory penalties.

Remediation

Immediate Action: Apply the security updates provided by the vendor, Flowring, to all affected systems without delay. After patching, review system and application access logs for any signs of unauthorized access or suspicious login activity that may have occurred prior to remediation.

Proactive Monitoring: Implement enhanced monitoring of the affected application. Security teams should look for unusual login patterns, such as successful logins from unknown or geographically anomalous IP addresses, multiple failed login attempts followed by a success from the same source, and any unauthorized configuration changes or user account modifications.
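A small detector for two of the login patterns named above (a burst of failures followed by a success from the same source, and a successful login from outside the trusted network), added here as an illustration and not part of Flowring's or Agentflow's own tooling; the log line format, its field order and the trusted network range are assumptions.

```python
"""Flag suspicious login patterns in authentication logs (illustrative, not vendor code)."""
import ipaddress
from collections import defaultdict

# Constructed sample log in an assumed "timestamp user source_ip result" format.
SAMPLE_LOG = """\
2025-10-01T08:00:01Z alice 10.0.0.5 success
2025-10-01T08:05:10Z admin 203.0.113.7 failure
2025-10-01T08:05:12Z admin 203.0.113.7 failure
2025-10-01T08:05:14Z admin 203.0.113.7 failure
2025-10-01T08:05:20Z admin 203.0.113.7 success
2025-10-01T09:00:00Z bob 10.0.0.9 success
2025-10-01T09:30:00Z admin 198.51.100.4 success
"""

# Assumed: internal address space from which routine logins are expected.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_events(log_text):
    """Return (timestamp, user, source_ip, result) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        events.append(tuple(parts))
    return events


def find_anomalies(log_text, failure_threshold=3):
    """Return findings as (rule, timestamp, user, source_ip).

    A forged token (the bypass this advisory describes) can yield a clean
    success with no preceding failures, so the untrusted-source rule is
    evaluated on every success, independently of the failure counter.
    """
    findings = []
    failures_by_source = defaultdict(int)  # failures since last success per IP
    for ts, user, ip, result in parse_events(log_text):
        if result == "failure":
            failures_by_source[ip] += 1
            continue
        if result != "success":
            continue
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in TRUSTED_NETWORKS):
            findings.append(("untrusted_source_success", ts, user, ip))
        if failures_by_source[ip] >= failure_threshold:
            findings.append(("failures_then_success", ts, user, ip))
        failures_by_source[ip] = 0  # a success ends the failure run
    return findings
```

Run against real logs, tune the failure threshold and trusted ranges to the environment and correlate hits for administrative accounts first.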

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Restrict network access to the Agentflow application, allowing connections only from trusted IP ranges or through a VPN. If available, deploy a Web Application Firewall (WAF) with rules designed to detect and block anomalous authentication attempts.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.1 and the ability for an unauthenticated attacker to gain full system access, it is strongly recommended that organizations prioritize the immediate application of the vendor-supplied security patch. Although this vulnerability is not currently listed on the CISA KEV catalog, its critical nature makes it a prime target for threat actors. All organizations using affected Agentflow products should treat this as a critical priority and validate that the patch has been successfully deployed across their environment.