Primary

Context

Flowring Agentflow Arbitrary File Reading Vulnerability

Vulnerability

An arbitrary file reading vulnerability has been identified in Flowring's Agentflow version 4.0. This vulnerability allows unauthenticated remote attackers to exploit relative path traversal to download arbitrary system files.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive system files, potentially allowing attackers to read confidential information or configuration files that could be used in further attacks.

Remediation

The vendor has released a patch for this vulnerability, which is available through their CRM system.

Added: Oct 17, 2025, 4:20 AM

Updated: Oct 17, 2025, 4:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

4.7

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

4.7

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Flowring Agentflow Arbitrary File Reading Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Flowring Agentflow

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating