CVE-2025-13175

Summary

Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ 6 in versions before MU106.

Affected Software

VendorProductVersion RangeStatus
YSoftSafeQ 60 < MU106affected

Weaknesses

  • CWE-549: CWE-549 Missing Password Field Masking

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References