CVE-2025-13163

Summary

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend.

Affected Software

VendorProductVersion RangeStatus
DigiwinEasyFlow GP5.8.8.3 <= 5.8.11.1.0810112affected
DigiwinEasyFlow GP8.1.* <= 8.1.1.2affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References