Flowring Technology Agentflow vulnerabilities
3 known vulnerabilities affecting flowring_technology/agentflow.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2025-3709P2CRITICALCVSS 9.8v4.02025-05-02
CVE-2025-3709 [CRITICAL] CWE-307 CVE-2025-3709: Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthentic
Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack.
nvd
CVE-2025-11898P3HIGHCVSS 7.5v4.02025-10-17
CVE-2025-11898 [HIGH] CWE-23 CVE-2025-11898: Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticate
Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
nvd
CVE-2025-11899P3HIGHCVSS 8.1v4.02025-10-17
CVE-2025-11899 [HIGH] CWE-321 CVE-2025-11899: Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing u
Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must first obtain an user ID in order to exploit this vulnerability.
nvd