Focus Friday: TPRM Insights on F5 BIG-IP APT Risk, Exchange Server, SharePoint, Gladinet, and Flowise Vulnerabilities
This week’s Focus Friday explores a series of high-impact vulnerabilities and security incidents that carry serious implications for Third-Party Risk Management (TPRM) programs. From a nation-state breach targeting F5 BIG-IP environments to critical flaws in Microsoft Exchange Server and SharePoint, and further extending to emerging risks in Flowise and Gladinet CentreStack & Triofox, these incidents underline how diverse and interconnected today’s attack surface has become.
Each case demonstrates the evolving nature of enterprise exposure—whether through infrastructure compromises, software supply chain risks, or exploited zero-days impacting collaboration and automation platforms. Through Black Kite’s FocusTags™, organizations gain the intelligence necessary to determine which vendors are at risk, prioritize engagement, and take timely remediation steps.

Filtered view of companies with F5 BIG-IP APT Risk FocusTag™ on the Black Kite platform.
VULNERABILITIES INVOLVING APT RISK IN F5 BIG-IP
You can read our detailed analysis of these vulnerabilities, which are expected to remain in the spotlight for a while, in the blog post we published yesterday.
According to Shadowserver, around 269K IPs exposing F5 BIG-IP are observed daily, nearly half of them in the US.

You can track F5-related exposure on Shadowserver's public dashboard.
WHAT IS THE F5 BIG-IP APT RISK VULNERABILITY CLUSTER?
In October 2025, F5 disclosed a nation-state breach of its product engineering network that exposed BIG-IP source code and internal vulnerability data. This event coincided with the discovery of multiple high-severity flaws across the BIG-IP, BIG-IP Next, F5OS, and BIG-IQ platforms. The most critical issues include memory corruption (CVE-2025-53868), TMM-level memory leaks and double-free conditions (CVE-2025-61974, CVE-2025-61990), privilege escalation in iControl REST and iHealth components (CVE-2025-59481, CVE-2025-61958), and denial-of-service vulnerabilities affecting the Traffic Management Microkernel (TMM), IPsec, and ePVA subsystems.
The high-severity issues carry CVSS v4 scores between 8.2 and 8.7, and three further issues (CVE-2025-59268, CVE-2025-54755, CVE-2025-58424) are rated Medium at 6.3 to 6.9. EPSS values currently range from 0.05% to 0.15%, reflecting a low measured exploit probability today but a high potential operational impact; the EPSS values are expected to increase further. The CVSS and EPSS values for each CVE are:
- CVE-2025-53868 (CVSS: 8.5, EPSS: 0.05%): High-severity memory corruption vulnerability in BIG-IP TMOS that may compromise system stability.
- CVE-2025-60016 (CVSS: 8.7, EPSS: 0.07%): High-severity denial-of-service flaw in BIG-IP Next SPK/CNF components leading to service disruption.
- CVE-2025-48008 (CVSS: 8.7, EPSS: 0.07%): High-severity DoS vulnerability in BIG-IP that can cause system outages.
- CVE-2025-59781 (CVSS: 8.7, EPSS: 0.07%): High-severity DNS cache poisoning issue in BIG-IP Next CNF enabling forged DNS responses.
- CVE-2025-61951 (CVSS: 8.7, EPSS: 0.06%): High-severity out-of-bounds read vulnerability in BIG-IP that could expose sensitive memory data.
- CVE-2025-46706 (CVSS: 8.7, EPSS: 0.07%): High-severity iRules memory exhaustion flaw that can lead to service unavailability.
- CVE-2025-53856 (CVSS: 8.7, EPSS: 0.07%): High-severity ePVA handling flaw causing Traffic Management Microkernel (TMM) crashes.
- CVE-2025-61974 (CVSS: 8.7, EPSS: 0.07%): High-severity SSL/TLS memory leak that results in service interruptions.
- CVE-2025-58071 (CVSS: 8.7, EPSS: 0.07%): High-severity IPsec denial-of-service vulnerability affecting secure communications.
- CVE-2025-61990 (CVSS: 8.7, EPSS: 0.07%): High-severity TMM double-free condition that can crash or destabilize the system.
- CVE-2025-58096 (CVSS: 8.2, EPSS: 0.07%): High-severity out-of-bounds write vulnerability leading to potential memory corruption.
- CVE-2025-59481 (CVSS: 8.5, EPSS: 0.05%): High-severity privilege escalation flaw in iControl REST allowing unauthorized administrative access.
- CVE-2025-61958 (CVSS: 8.5, EPSS: 0.05%): High-severity privilege escalation issue in iHealth components enabling elevated privileges.
- CVE-2025-59269 (CVSS: 8.4, EPSS: 0.05%): High-severity stored cross-site scripting (XSS) vulnerability in the configuration utility.
- CVE-2025-58153 (CVSS: 8.2, EPSS: 0.07%): High-severity hardware lockup DoS condition that can freeze device operations.
- CVE-2025-59483 (CVSS: 8.5, EPSS: 0.05%): High-severity arbitrary file upload vulnerability allowing unauthorized file placement.
- CVE-2025-59268 (CVSS: 6.9, EPSS: 0.05%): Medium-severity information disclosure vulnerability exposing system details.
- CVE-2025-54755 (CVSS: 6.9, EPSS: 0.15%): Medium-severity directory traversal flaw enabling unauthorized file system access.
- CVE-2025-58424 (CVSS: 6.3, EPSS: 0.05%): Medium-severity predictable TCP identifier vulnerability allowing data inference.
According to F5 advisories K000151902 and K000156572, exploitation could lead to system crashes, service interruptions, configuration tampering, or privilege escalation on affected devices.
The vulnerabilities were published and patched in mid-October 2025, and as of now, CISA's Known Exploited Vulnerabilities (KEV) catalog does not list any of them. However, national-level agencies such as NCSC (UK) and ACSC (Australia) issued coordinated alerts warning that the stolen source code could enable future zero-day creation or APT-grade espionage activity.
The incident was investigated by CrowdStrike, Mandiant, NCC Group, and IOActive, confirming long-term persistent access by a nation-state threat actor, with code and vulnerability exfiltration traced back several months before disclosure.
WHY SHOULD TPRM PROFESSIONALS CARE ABOUT THESE VULNERABILITIES?
F5 BIG-IP appliances form the application delivery and security backbone for thousands of global enterprises, including cloud service providers, banks, and telecom operators.
A compromise in these systems can:
- expose encrypted network traffic, SSL/TLS sessions, or VPN gateways;
- allow attackers to pivot into internal corporate environments;
- disrupt mission-critical web applications or identity services; and
- compromise downstream customers through supply-chain channels.
From a third-party-risk management standpoint, vendors running vulnerable or unpatched F5 BIG-IP infrastructure could unintentionally provide a bridge for advanced threat actors, particularly those seeking long-term persistence and data exfiltration capabilities. Given the confirmed breach of F5’s development environment, the risk is not limited to known CVEs but extends to undisclosed or weaponizable zero-days derived from stolen code.
WHAT QUESTIONS SHOULD TPRM PROFESSIONALS ASK VENDORS ABOUT THIS VULNERABILITY?
Before accepting vendor risk assurances, organizations should inquire specifically about:
- Have you applied the patches recommended in advisories K000151902 and K000156572 to all your F5 BIG-IP, BIG-IP Next, BIG-IQ, F5OS, and CNF/SPK platforms to mitigate the risk of the vulnerabilities including CVE-2025-53856, CVE-2025-59781, and CVE-2025-59481?
- Can you confirm whether you have sought integrity validation from NCC Group or IOActive, as recommended in the advisory, to ensure the security of your F5 BIG-IP environments?
- Have you implemented measures to monitor for lateral movement, such as reviewing audit logs and network traffic for unauthorized access or data exfiltration attempts, specifically in relation to the vulnerabilities CVE-2025-61951, CVE-2025-61958, and CVE-2025-58096?
- Have you hardened the management interfaces of your F5 BIG-IP environments by disabling internet exposure of management ports and restricting access through VPN or bastion hosts only, as a response to the vulnerabilities including CVE-2025-61974, CVE-2025-54755, and CVE-2025-58153?
REMEDIATION RECOMMENDATIONS FOR VENDORS SUBJECT TO THIS RISK
Vendors operating affected F5 products should:
- Apply all patches immediately as directed in K000151902 and K000156572.
- Restrict management access by removing public exposure of TMUI, iControl, and SSH.
- Rotate all administrative credentials and API tokens, especially those integrated with CI/CD systems.
- Conduct threat-hunting for lateral movement indicators and TMM crash anomalies.
- Implement continuous monitoring for newly released F5 fixes, as additional vulnerabilities may surface following the October breach investigation.
HOW TPRM PROFESSIONALS CAN LEVERAGE BLACK KITE FOR THIS VULNERABILITY
Black Kite published the F5 BIG-IP APT Risk FocusTag on 16 October 2025, enabling customers to identify vendors hosting exposed or outdated F5 assets—including BIG-IP, BIG-IP Next, F5OS, and BIG-IQ systems.
By cross-referencing vulnerability exposure with vendor IP addresses and subdomains, Black Kite provides targeted visibility into third-party environments affected by these high-severity flaws.
This tag remains active until January 31, 2026, and offers a high confidence level for vendor identification. TPRM professionals can operationalize it by:
- prioritizing vendors flagged with public-facing F5 infrastructure,
- integrating Focus Tag intelligence into ongoing vendor assessment workflows, and
- leveraging the detailed asset data to validate patch compliance and risk reduction.

Black Kite’s F5 BIG-IP APT Risk FocusTag™ details critical insights on the event for TPRM professionals.
CVE-2025-59248, CVE-2025-59249, AND CVE-2025-53782 – MICROSOFT EXCHANGE SERVER
WHAT ARE THE OCTOBER 2025 EXCHANGE SERVER VULNERABILITIES?
In October 2025, Microsoft released patches addressing three high-severity vulnerabilities in Exchange Server 2016, 2019, and Subscription Edition. These flaws — CVE-2025-59248, CVE-2025-59249, and CVE-2025-53782 — affect both on-premises and hybrid deployments.
- CVE-2025-59248 (CVSS 7.5, EPSS 0.10%) is a Spoofing vulnerability arising from Improper Input Validation (CWE-20). It can be exploited remotely by an unauthenticated attacker with no privileges or user interaction. Successful exploitation could allow the attacker to manipulate message headers and impersonate trusted senders, leading to data exposure or phishing-based compromise.
- CVE-2025-59249 (CVSS 8.8, EPSS 0.06%) is an Elevation of Privilege and Improper Authentication vulnerability. It requires low privileges and no user interaction. Exploitation grants full control over Exchange mailboxes, including the ability to read, send, and delete messages.
- CVE-2025-53782 (CVSS 8.4, EPSS 0.06%) is another Elevation of Privilege flaw caused by an incorrect authentication algorithm implementation (CWE-303). It allows local attackers to execute arbitrary code or gain mailbox access through malicious files or crafted applications.
As of mid-October 2025, no exploitation in the wild has been confirmed and none of the three CVEs appears in CISA’s Known Exploited Vulnerabilities (KEV) catalog. No dedicated CISA advisory has been issued, but Microsoft urges administrators to install the October 14, 2025 security updates immediately. The affected versions include Exchange Server 2016 CU23 and earlier, 2019 CU14/CU15 and earlier, and Subscription Edition RTM builds.
These vulnerabilities are cataloged in the European Union Vulnerability Database as EUVD-2025-34275, EUVD-2025-34376, and EUVD-2025-34428. The EPSS values are expected to increase further as exploitation tooling matures.
WHY SHOULD TPRM PROFESSIONALS CARE ABOUT THESE VULNERABILITIES?
Exchange Server remains a core communication and authentication platform for enterprises worldwide. A compromise exposes sensitive email content, credentials, and potentially Active Directory tokens. From a third-party risk management standpoint, vendors running outdated or unpatched Exchange servers pose a high residual risk to their partners.
A successful exploit could allow:
- unauthorized access to internal and customer communications,
- the impersonation of vendor personnel through compromised mailboxes,
- lateral movement into broader network environments, and
- exfiltration of contractual or financial data stored in mail threads or attachments.
For organizations monitoring vendor ecosystems, these vulnerabilities highlight the importance of prompt patch verification and email-infrastructure visibility. Even in the absence of active exploitation, the Exchange attack surface remains one of the most frequently targeted by threat actors for espionage and credential harvesting.
WHAT QUESTIONS SHOULD TPRM PROFESSIONALS ASK VENDORS ABOUT THESE VULNERABILITIES?
When engaging vendors, security teams should ask:
- Have you updated all instances of Microsoft Exchange Server 2019 Cumulative Update 14, Cumulative Update 15, 2016 Cumulative Update 23, and Subscription Edition RTM to the respective patched versions to mitigate the risk of CVE-2025-59248, CVE-2025-59249, and CVE-2025-53782?
- Have you implemented Multi-Factor Authentication (MFA) for all Exchange users, especially administrators, and reviewed and removed unnecessary accounts from Exchange administrative groups to mitigate the risk of exploitation of the Elevation of Privilege vulnerability (CVE-2025-59249)?
- What monitoring measures have you put in place to detect unauthorized attempts to access mailboxes or elevate privileges, specifically in relation to the Spoofing vulnerability (CVE-2025-59248) and the Elevation of Privilege vulnerability (CVE-2025-59249)?
- Have you restricted local server access (RDP/physical) to the Exchange Server operating system to essential administrators only, and ensured robust Endpoint Detection and Response (EDR) is active to prevent the execution of malicious local applications, in order to mitigate the risk of the Elevation of Privilege vulnerability (CVE-2025-53782)?
REMEDIATION RECOMMENDATIONS FOR VENDORS SUBJECT TO THIS RISK
Vendors operating affected Exchange servers should:
- Apply the October 2025 patches immediately per Microsoft’s advisories.
- Prioritize Internet-facing servers where CVE-2025-59248 can be exploited remotely.
- Enforce Multi-Factor Authentication (MFA) and apply least-privilege principles to administrative roles.
- Restrict local and RDP access to Exchange servers to minimize the exploitation path for CVE-2025-53782.
- Monitor mailbox activity for unauthorized access attempts or privilege escalation indicators.
- Maintain continuous EDR coverage to detect suspicious local file execution tied to arbitrary-code exploits.
HOW TPRM PROFESSIONALS CAN LEVERAGE BLACK KITE FOR THIS VULNERABILITY
Black Kite released the Exchange Server – Oct 2025 FocusTag on 15 October 2025, classifying it with a Very High Confidence Level. This tag enables users to identify vendors hosting or exposing vulnerable Exchange infrastructure, including public OWA endpoints and outdated build numbers.
Through advanced asset intelligence, Black Kite correlates:
- vendor IPs and subdomains associated with Exchange servers,
- version fingerprints matching the vulnerable builds, and
- patch status where available.

Black Kite’s Exchange Server – Oct 2025 FocusTag™ details critical insights on the event for TPRM professionals.
CVE-2025-59237 AND CVE-2025-59228 – MICROSOFT SHAREPOINT
WHAT IS THE MICROSOFT SHAREPOINT RCE VULNERABILITY?
In October 2025, Microsoft confirmed two high-severity Remote Code Execution (RCE) vulnerabilities affecting multiple SharePoint Server editions — CVE-2025-59237 and CVE-2025-59228.
Both issues stem from Deserialization of Untrusted Data (CWE-502) in Microsoft Office SharePoint and can allow authenticated attackers to execute arbitrary code across the network.
- CVE-2025-59237 (CVSS 8.8, EPSS 0.50 %) — a high-severity deserialization flaw that enables an attacker with existing authentication to run malicious code on the target SharePoint server, leading to complete compromise of confidentiality, integrity, and availability.
- CVE-2025-59228 (CVSS 8.8, EPSS 0.09 %) — another RCE vulnerability triggered through unsafe deserialization processes during SharePoint data handling, enabling command execution in the context of the SharePoint service account.
Both vulnerabilities were publicly disclosed on October 15, 2025, and were added to the EU Vulnerability Database under identifiers EUVD-2025-34380 and EUVD-2025-34381.
Although public Proof-of-Concept exploits exist, CISA’s Known Exploited Vulnerabilities (KEV) catalog has not yet listed these CVEs, and no exploitation campaigns have been confirmed at the time of writing.
Given the rapid availability of PoC material and the accessibility of SharePoint in enterprise environments, the EPSS values are expected to increase further in the coming weeks.
The affected products include:
- SharePoint Server 2016 (versions < 16.0.5522.1000)
- SharePoint Server 2019 (versions < 16.0.10417.20059)
- SharePoint Server Subscription Edition (versions < 16.0.19127.20262)
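The three thresholds above are enough to triage a vendor's build inventory mechanically. The script below is an added example (not Microsoft or Black Kite code): it parses four-part SharePoint build strings, infers the edition, and compares against the fixed builds listed above. The edition boundaries used by `edition_for` are an assumption derived from those three builds, and the hostnames and builds in `SAMPLE` are constructed.

```python
from typing import NamedTuple, Optional

# Minimum patched build per edition, taken from the affected-product list
# above; any build strictly below its edition's entry is vulnerable.
FIXED_BUILDS = {
    "SharePoint Server 2016": (16, 0, 5522, 1000),
    "SharePoint Server 2019": (16, 0, 10417, 20059),
    "SharePoint Server Subscription Edition": (16, 0, 19127, 20262),
}

class Verdict(NamedTuple):
    edition: Optional[str]
    build: tuple
    vulnerable: Optional[bool]   # None when the edition cannot be determined
    reason: str

def parse_build(text):
    """'16.0.5522.1000' -> (16, 0, 5522, 1000); tuples compare component-wise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build string: {text!r}")
    return tuple(int(p) for p in parts)

def edition_for(build):
    # ASSUMPTION: edition is inferred from the third build component, using the
    # three fixed builds above as anchors (2016 below 10000, 2019 in the
    # 10000-10999 range, Subscription Edition above that). Adjust if your
    # inventory disagrees.
    major, minor, third, _ = build
    if (major, minor) != (16, 0):
        return None
    if third < 10000:
        return "SharePoint Server 2016"
    if third < 11000:
        return "SharePoint Server 2019"
    return "SharePoint Server Subscription Edition"

def assess(build_text):
    build = parse_build(build_text)
    edition = edition_for(build)
    if edition is None:
        return Verdict(None, build, None, "unrecognised build; check manually")
    fixed = FIXED_BUILDS[edition]
    if build < fixed:
        return Verdict(edition, build, True,
                       "below fixed build " + ".".join(map(str, fixed)))
    return Verdict(edition, build, False, "at or above fixed build")

def triage(inventory):
    """inventory: {hostname: build string} -> sorted hosts that still need patching."""
    return sorted(host for host, build in inventory.items() if assess(build).vulnerable)

# Constructed sample inventory: hostnames and builds are made up for the demo.
SAMPLE = {
    "sp2016-a.example.test": "16.0.5508.1000",
    "sp2016-b.example.test": "16.0.5522.1000",
    "sp2019-a.example.test": "16.0.10416.20027",
    "spse-a.example.test": "16.0.19127.20262",
    "spse-b.example.test": "16.0.18526.20424",
}

if __name__ == "__main__":
    for host, build in SAMPLE.items():
        v = assess(build)
        print(f"{host:24} {build:18} {v.edition or '?':40} vulnerable={v.vulnerable} ({v.reason})")
    print("needs patching:", triage(SAMPLE))
```

Feed it the build numbers a vendor reports (or that an external fingerprint exposes) and the `triage` list is the set of hosts to chase; a `None` verdict means the build did not match any known edition and should be checked by hand rather than silently passed.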
WHY SHOULD TPRM PROFESSIONALS CARE ABOUT THESE VULNERABILITIES?
SharePoint is often the collaboration backbone of enterprises, hosting sensitive internal files, project data, and HR or financial documents. A successful exploitation could enable attackers to:
- inject malicious code into internal workflows or stored documents;
- escalate privileges within the organization’s Active Directory environment;
- exfiltrate confidential data stored in SharePoint libraries; and
- disrupt productivity by rendering collaboration portals unavailable.
From a third-party risk management perspective, vendors using unpatched SharePoint instances pose a supply-chain and data-integrity risk. Compromised SharePoint servers may serve as lateral-movement vectors or dissemination points for malicious scripts and weaponized documents, directly affecting connected partners and customers.
WHAT QUESTIONS SHOULD TPRM PROFESSIONALS ASK VENDORS ABOUT THESE VULNERABILITIES?
To assess exposure accurately, TPRM teams should ask vendors:
- Have you updated all instances of Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition to the versions that are not affected by the Deserialization of Untrusted Data vulnerability (CVE-2025-59237, CVE-2025-59228)?
- Can you confirm if you have implemented robust network segmentation to isolate SharePoint servers and restrict network access to only necessary systems and users, as recommended in the advisory for CVE-2025-59237 and CVE-2025-59228?
- Are you continuously monitoring SharePoint server logs for unusual activity, unauthorized code execution attempts, or suspicious deserialization events that could indicate an attempted or successful exploitation of the Deserialization of Untrusted Data vulnerability (CVE-2025-59237, CVE-2025-59228)?
- Have you ensured that all user accounts and service accounts interacting with Microsoft Office SharePoint operate with the absolute minimum privileges required for their functions to limit potential impact if an account is compromised, as recommended in the advisory for CVE-2025-59237 and CVE-2025-59228?
REMEDIATION RECOMMENDATIONS FOR VENDORS SUBJECT TO THIS RISK
Vendors managing affected SharePoint deployments should:
- Apply Microsoft’s October 2025 updates immediately, as published via MSRC.
- Limit privileges by ensuring that service and user accounts operate with least-privilege permissions.
- Implement network segmentation to isolate SharePoint servers from unnecessary systems and restrict inbound access.
- Continuously monitor SharePoint logs and EDR alerts for indicators of attempted deserialization or arbitrary code execution.
- Enable application allow-listing and block PowerShell execution on non-administrative accounts to prevent secondary payload delivery.
HOW TPRM PROFESSIONALS CAN LEVERAGE BLACK KITE FOR THIS VULNERABILITY
Black Kite released the Microsoft SharePoint – Oct 2025 FocusTag on 15 October 2025, enabling customers to identify vendors hosting vulnerable or outdated SharePoint servers across enterprise ecosystems.
Through correlated asset intelligence, Black Kite provides visibility into:
- vendor IP addresses and subdomains hosting affected SharePoint instances;
- unpatched build fingerprints derived from public exposure; and
- potential high-risk environments that could facilitate code execution or data leakage.

Black Kite’s Microsoft SharePoint – Oct 2025 FocusTag™ details critical insights on the event for TPRM professionals.
CVE-2025-11371 AND CVE-2025-30406 – GLADINET CENTRESTACK & TRIOFOX
Gladinet CentreStack and Triofox are enterprise file-sharing and remote-access platforms that enable organizations to securely access, sync, and collaborate on files stored in on-premises or cloud environments. They are often used by managed service providers (MSPs) to provide cloud-like file services using existing infrastructure. Both solutions integrate with Windows servers and Active Directory, allowing users to map drives, access shared folders remotely, and manage permissions through a centralized management console.
WHAT IS THE GLADINET CENTRESTACK AND TRIOFOX EXPLOITED VULNERABILITY?
In late September 2025, researchers from Huntress confirmed active exploitation of an unauthenticated Local File Inclusion (LFI) vulnerability tracked as CVE-2025-11371 (CVSS: 6.2, EPSS: 0.02%) in Gladinet CentreStack and Triofox. The flaw is being used to revive a previously patched Remote Code Execution (RCE) chain, CVE-2025-30406 (CVSS: 9.8, EPSS: 86.95%), in the same software.
The LFI flaw allows unauthenticated attackers to read arbitrary files on the affected servers — notably the Web.config file, which contains the application’s machine key. Attackers then use this key to forge malicious ViewState payloads, leading to full remote code execution.
Huntress observed in-the-wild exploitation on September 26, 2025, and confirmed successful intrusions across at least three customer environments.
According to Huntress, the exploited request looked like this:
`GET /storage/t.dn?s=..\..\..\Program+Files+(x86)\Gladinet+Cloud+Enterprise\root\Web.config&sid=1`
The server answered with a 200 response and returned Web.config directly. This confirmed external exposure of the vulnerable handler (GSUploadDownloadProxy.dll → GladinetStorage.TempDownload), which allows arbitrary local file reads via path traversal.
The RCE chain leveraging CVE-2025-30406 (listed in CISA KEV on April 8, 2025) remains exploitable through this new LFI. As of October 14, 2025, the newly discovered CVE-2025-11371 has not yet been added to CISA’s KEV catalog.
Gladinet released version 16.10.10408.56683 on October 14, 2025, to mitigate the LFI flaw.
Both vulnerabilities are recorded in the European Union Vulnerability Database (EUVD-2025-33408, EUVD-2025-9671). Given the confirmed exploitation and PoC availability, the EPSS value is expected to rise further.
WHY SHOULD TPRM PROFESSIONALS CARE ABOUT THESE VULNERABILITIES?
Gladinet CentreStack and Triofox are cloud file-sharing and synchronization platforms used widely by managed service providers and enterprises to enable remote access to internal data. A compromise of these systems can result in:
- Unauthorized access to sensitive corporate files stored in shared folders,
- RCE-based takeover of the underlying Windows server,
- Credential theft via machine key extraction, and
- Potential propagation of malware or ransomware through shared sync environments.
From a third-party risk management perspective, vendors using vulnerable CentreStack or Triofox deployments represent a critical supply-chain exposure. Attackers gaining access to vendor-hosted file sync systems could leverage this to infiltrate downstream organizations, tamper with distributed content, or conduct data theft campaigns.
WHAT QUESTIONS SHOULD TPRM PROFESSIONALS ASK VENDORS ABOUT THESE VULNERABILITIES?
When engaging vendors, organizations should ask:
- Have you applied the interim mitigation recommended by Huntress, disabling the `temp` handler within the `Web.config` file of your Gladinet CentreStack and Triofox installations, on any instance that has not yet been upgraded to the patched build (16.10.10408.56683) for CVE-2025-11371?
- Can you confirm if you have enhanced your network security by implementing web application firewalls (WAFs) or other perimeter security measures that can help detect and block Local File Inclusion (LFI) attempts and suspicious ViewState payloads, as recommended in the advisory?
- Are you actively monitoring network traffic and server logs for any signs of unusual activity, especially attempts to read `Web.config` files, ViewState deserialization attacks, or unexpected child processes spawned by the web server, as part of your response to the vulnerabilities CVE-2025-11371 and CVE-2025-30406?
- Have you applied Gladinet’s patch for CVE-2025-11371 (version 16.10.10408.56683 or later) across all instances, and are you monitoring Gladinet’s official channels for any follow-up security releases?
REMEDIATION RECOMMENDATIONS FOR VENDORS SUBJECT TO THIS RISK
Vendors using Gladinet CentreStack or Triofox should take immediate action:
- Apply the October 2025 patch (v16.10.10408.56683) or newer as released by Gladinet.
- If patching is not possible, disable the temp handler in Web.config as recommended by Huntress.
- Monitor IIS logs for suspicious GET requests targeting /storage/t.dn paths or attempts to access Web.config.
- Review EDR and SIEM alerts for PowerShell or web server child processes indicative of remote command execution.
- Restrict access to management interfaces and ensure these applications are not publicly exposed without a reverse proxy or WAF.
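The IIS-log monitoring recommended above can be expressed as a concrete hunt. The following is an added example (not Huntress or Gladinet code): it reads IIS W3C-format log lines using the `#Fields:` header to map columns, URL-decodes the query string, and flags requests to the `/storage/t.dn` handler that contain `..\`/`../` traversal or reference Web.config, distinguishing a 200 (likely successful read) from other status codes. The log excerpt in `SAMPLE_LOG` is constructed; its first two lines mimic the request quoted earlier, once raw and once percent-encoded.

```python
import re
from urllib.parse import unquote_plus

HANDLER = "/storage/t.dn"                 # vulnerable TempDownload handler path
TRAVERSAL = re.compile(r"\.\.[\\/]")      # ..\ or ../ after URL decoding

# Constructed IIS W3C log excerpt (not a real capture). IIS writes spaces in the
# query and user agent as '+', which is why unquote_plus() is used below.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2025-09-26 03:14:07 10.0.0.5 GET /storage/t.dn s=..\..\..\Program+Files+(x86)\Gladinet+Cloud+Enterprise\root\Web.config&sid=1 443 - 203.0.113.10 python-requests/2.32.3 200 0 0 15
2025-09-26 03:14:09 10.0.0.5 GET /storage/t.dn s=..%5c..%5c..%5cProgram+Files+(x86)%5cGladinet+Cloud+Enterprise%5croot%5cWeb.config&sid=1 443 - 203.0.113.10 curl/8.5.0 404 0 2 12
2025-09-26 03:15:00 10.0.0.5 GET /storage/t.dn s=report.pdf&sid=42 443 - 198.51.100.7 Mozilla/5.0 200 0 0 4
2025-09-26 03:16:00 10.0.0.5 GET /portal/loginpage.aspx - 443 - 198.51.100.7 Mozilla/5.0 200 0 0 20
"""

def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("log data before #Fields header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        yield dict(zip(fields, values))

def classify(entry):
    """Return a finding label for one request, or None if it looks benign."""
    stem = entry.get("cs-uri-stem", "").lower()
    query = unquote_plus(entry.get("cs-uri-query", "")).lower()
    traversal = bool(TRAVERSAL.search(query))
    wants_config = "web.config" in query or "web.config" in stem
    if stem == HANDLER and (traversal or wants_config):
        # A 200 on the vulnerable handler means the file was most likely served.
        outcome = "SUCCESSFUL_READ" if entry.get("sc-status") == "200" else "ATTEMPT"
        return f"{outcome}: t.dn traversal" + (" to Web.config" if wants_config else "")
    if traversal or wants_config:
        return "SUSPICIOUS: traversal/Web.config reference outside t.dn"
    return None

def hunt(lines):
    """Return (client IP, URI stem, status, label) for every flagged request."""
    findings = []
    for entry in parse_w3c(lines):
        label = classify(entry)
        if label:
            findings.append((entry["c-ip"], entry["cs-uri-stem"], entry["sc-status"], label))
    return findings

if __name__ == "__main__":
    for ip, stem, status, label in hunt(SAMPLE_LOG.splitlines()):
        print(f"{ip:15} {status} {stem} -> {label}")
```

Any `SUCCESSFUL_READ` hit against Web.config should be treated as a machine-key compromise: the ViewState chain from CVE-2025-30406 becomes available to the attacker, so the key must be rotated and the host checked for follow-on web-server child processes, not merely patched.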
HOW TPRM PROFESSIONALS CAN LEVERAGE BLACK KITE FOR THIS VULNERABILITY
Black Kite published the Gladinet CentreStack & Triofox [Suspected] FocusTag on October 14, 2025, with a Medium Confidence Level.
This tag helps identify vendors hosting Gladinet-related assets (CentreStack or Triofox) susceptible to LFI or RCE exploitation.
Black Kite’s vendor intelligence platform correlates:
- Public IPs and subdomains exposing the affected software,
- Observed version fingerprints preceding v16.10.10408.56683, and
- Vulnerable ViewState endpoints that could indicate exposure.

Black Kite’s Gladinet CentreStack & Triofox [Suspected] FocusTag™ details critical insights on the event for TPRM professionals.
CVE-2025-61913 – FLOWISE
Flowise is an open-source, drag-and-drop visual tool designed to build, deploy, and manage Large Language Model (LLM) applications and AI agent workflows without needing extensive coding. It provides a graphical interface where users can connect nodes — such as prompts, APIs, memory, and logic — to create conversational AI systems or automation pipelines.
This FocusTag was published last week; its details are summarized below from a TPRM perspective.
WHAT IS THE FLOWISE REMOTE CODE EXECUTION VULNERABILITY?
CVE-2025-61913 (CVSS: 9.9, EPSS: 0.52%) is a critical path traversal and remote code execution vulnerability affecting Flowise, an open-source platform used for building AI agent workflows and large language model (LLM) pipelines.
The issue resides in the WriteFileTool and ReadFileTool components, which fail to properly validate file paths. This flaw allows authenticated attackers to read or write arbitrary files anywhere on the host system.
When exploited, an attacker could overwrite sensitive configuration or startup files — for example, /etc/ld.so.preload or ~/.ssh/authorized_keys — leading to full remote code execution (RCE).
According to the SecurityOnline report, the vulnerability stems from unfiltered use of the file_path parameter in the WriteFileTool’s code, which directly writes attacker-controlled content to arbitrary locations on disk.
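To make the flaw and its fix concrete, here is an added example in Python (Flowise itself is TypeScript, and its source is not reproduced here): a file-write tool that joins an attacker-controlled `file_path` without validation, beside a hardened version that resolves the path with symlinks followed and refuses anything outside a sandbox directory. The function names, the sandbox layout and the `demo()` scratch directories are assumptions for illustration; the demo writes into a temporary directory rather than a real `~/.ssh/authorized_keys`.

```python
import os
import tempfile

def write_file_vulnerable(base_dir, file_path, content):
    """Mirrors the weakness: file_path is joined unchecked. An absolute path
    makes os.path.join() discard base_dir, and '..' segments walk out of it."""
    target = os.path.join(base_dir, file_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w") as fh:
        fh.write(content)
    return target

class PathEscape(ValueError):
    pass

def resolve_confined(base_dir, file_path):
    """Resolve file_path inside base_dir, rejecting absolute paths, '..' escapes
    and symlinked components that lead outside the sandbox."""
    base = os.path.realpath(base_dir)
    if os.path.isabs(file_path):
        raise PathEscape(f"absolute path rejected: {file_path}")
    candidate = os.path.realpath(os.path.join(base, file_path))
    # commonpath() avoids the classic prefix bug where /srv/flowise2 would
    # pass a startswith('/srv/flowise') check.
    if os.path.commonpath([base, candidate]) != base:
        raise PathEscape(f"path escapes sandbox: {file_path}")
    return candidate

def is_confined(base_dir, file_path):
    try:
        resolve_confined(base_dir, file_path)
        return True
    except PathEscape:
        return False

def write_file_hardened(base_dir, file_path, content):
    target = resolve_confined(base_dir, file_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w") as fh:
        fh.write(content)
    return target

def demo():
    """Return (vulnerable_escaped, hardened_blocked, hardened_legit_ok).
    Uses scratch directories so the traversal is harmless to run."""
    with tempfile.TemporaryDirectory() as sandbox, tempfile.TemporaryDirectory() as outside:
        # Attacker-chosen file_path: a relative traversal out of the sandbox
        # (a real attacker would aim at /etc/ld.so.preload or ~/.ssh/authorized_keys).
        evil = os.path.join(outside, "authorized_keys")
        rel_escape = os.path.relpath(evil, sandbox)
        payload = "ssh-ed25519 AAAA... attacker"   # constructed placeholder key line
        written = write_file_vulnerable(sandbox, rel_escape, payload)
        escaped = os.path.exists(evil) and os.path.realpath(written) == os.path.realpath(evil)
        try:
            write_file_hardened(sandbox, rel_escape, payload)
            blocked = False
        except PathEscape:
            blocked = True
        # A legitimate relative write inside the sandbox still works.
        ok_path = write_file_hardened(sandbox, "notes/output.txt", "hello")
        return escaped, blocked, os.path.exists(ok_path)

if __name__ == "__main__":
    escaped, blocked, legit = demo()
    print(f"vulnerable tool escaped sandbox: {escaped}")
    print(f"hardened tool blocked traversal: {blocked}, legitimate write ok: {legit}")
```

Confining the path is necessary but not sufficient: the tool should also run as an unprivileged user with no write access to `/etc` or any home directory, so that a second parser bug cannot reproduce the same outcome.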
Discovered and disclosed on October 9, 2025, this flaw affects Flowise versions up to and including 3.0.5, with a fix introduced in version 3.0.8. There is no public proof-of-concept exploit, and no active exploitation has been reported.
As of mid-October 2025, it has not been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. However, given its critical CVSS score and a rising EPSS, the likelihood of exploitation is expected to increase as Flowise continues to gain adoption in AI automation environments.
WHY SHOULD TPRM PROFESSIONALS CARE ABOUT THIS VULNERABILITY?
Flowise is commonly integrated into AI model orchestration, data analytics pipelines, and CI/CD systems across organizations. These deployments often operate with elevated privileges, providing an attractive attack vector for lateral movement or infrastructure compromise.
If exploited, an attacker could:
- Inject malicious code or scripts into LLM workflows;
- Exfiltrate API keys, model weights, or training data stored locally;
- Manipulate AI agent outputs to achieve unauthorized automation; and
- Compromise connected systems such as developer workstations or cloud-based inference nodes.
From a third-party risk management (TPRM) standpoint, vendors using Flowise within internal or client-facing automation stacks pose a significant supply-chain risk. Because Flowise directly interacts with filesystem and model I/O, unauthorized file access could cascade into data poisoning, source code alteration, or credential theft in downstream environments.
WHAT QUESTIONS SHOULD TPRM PROFESSIONALS ASK VENDORS ABOUT THIS VULNERABILITY?
When assessing vendor exposure to this flaw, TPRM professionals should ask:
- Have you upgraded all Flowise installations to version 3.0.8 or later to remediate CVE-2025-61913?
- Are WriteFileTool and ReadFileTool components restricted to sandboxed directories or isolated containers?
- Have you audited system logs for unauthorized file write operations or unexpected modification of configuration files?
- Are Flowise deployments authenticated and network-isolated, preventing external users from interacting with file operation tools?
REMEDIATION RECOMMENDATIONS FOR VENDORS SUBJECT TO THIS RISK
Organizations and vendors running Flowise should:
- Immediately upgrade to Flowise version 3.0.8 or later, which contains the official patch.
- Restrict filesystem permissions so that the Flowise process cannot modify sensitive OS-level directories.
- Disable WriteFileTool and ReadFileTool in environments where direct file access is unnecessary.
- Implement continuous monitoring for unauthorized file creation, particularly within /etc/, ~/.ssh/, or startup directories.
- Rotate API tokens and SSH keys if compromise is suspected or arbitrary file writes were detected.
HOW TPRM PROFESSIONALS CAN LEVERAGE BLACK KITE FOR THIS VULNERABILITY
Black Kite released the Flowise FocusTag on October 9, 2025, with a High Confidence Level, helping users detect vendors running vulnerable Flowise assets in their ecosystems.
Using external intelligence, Black Kite identifies:
- IPs and subdomains associated with exposed Flowise environments,
- Version fingerprints indicating unpatched deployments (≤3.0.5), and
- AI development endpoints linked to LLM orchestration tools.

Black Kite’s Flowise FocusTag™ details critical insights on the event for TPRM professionals.
MAXIMIZING TPRM READINESS WITH BLACK KITE’S FOCUSTAGS™
Black Kite’s FocusTags™ serve as a vital bridge between vulnerability intelligence and actionable third-party risk management. In a week marked by APT-related breaches, RCE chains, and emerging AI-tool exposures, Focus Tags™ empower security teams to make faster, data-driven decisions.
Key advantages include:
- Real-Time Vendor Exposure Identification: Instantly recognize which vendors are affected by newly disclosed vulnerabilities, such as those impacting F5 BIG-IP, Flowise, or Microsoft enterprise servers.
- Contextual Risk Prioritization: Rank vulnerabilities by both severity and vendor criticality to allocate resources efficiently and reduce remediation lag.
- Informed Vendor Engagement: Facilitate focused conversations with vendors, ensuring they have implemented patches, access controls, and compensating safeguards for these specific exposures.
- Holistic Supply Chain Visibility: Gain an enterprise-wide understanding of where critical technologies like Exchange or SharePoint intersect with third-party operations, reducing systemic risk.
By transforming complex technical data into precise vendor-level insights, Black Kite’s FocusTags™ equip TPRM professionals to respond decisively to evolving cyber threats. Whether mitigating advanced APT risks or ensuring secure adoption of AI-driven platforms, Focus Tags™ deliver clarity, speed, and confidence in managing third-party security posture across the entire supply chain.