CVE-2025-13164 | THREATINT

Description

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.

PUBLISHED Reserved 2025-11-14 | Published 2025-11-17 | Updated 2025-11-17 | Assigner twcert

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 4.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-522 Insufficiently Protected Credentials

Product status

Default status

unaffected

5.8.8.3 (custom)

affected

References

www.twcert.org.tw/tw/cp-132-10503-a66fe-1.html third-party-advisory

www.twcert.org.tw/en/cp-139-10504-23f4c-2.html third-party-advisory

cve.org (CVE-2025-13164)

nvd.nist.gov (CVE-2025-13164)

Download JSON