Digiwin｜EasyFlow GP – Insufficiently Protected Credentials_CVE-2025-13164

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.

Basic Information

ID CVE-2025-13164

Source twcert

Published Nov 17, 2025 at 06:23

Affected Product

Vendor Digiwin

Product EasyFlow GP

Version 5.8.8.3

Affected Versions Digiwin EasyFlow GP 5.8.8.3

CWE Classification

CWE-522

References

{
    "lastseen": "",
    "description": "EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.",
    "published": "2025-11-17T06:23:21.352Z",
    "modified": "2025-11-17T06:23:21.352Z",
    "type": "cve",
    "title": "Digiwin\uff5cEasyFlow GP - Insufficiently Protected Credentials",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10503-a66fe-1.html\nhttps://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html",
    "id": "CVE-2025-13164",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "Digiwin EasyFlow GP 5.8.8.3",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EasyFlow GP",
    "version": "5.8.8.3",
    "vendor": "Digiwin",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}