CVE-2025-13164 MEDIUM

CVE-2025-13164: Digiwin|EasyFlow GP - Insufficiently Protected Credentials

Vendor Digiwin
Product EasyFlow GP
Weakness CWE-522 · Insufficiently protected credentials
Published November 17, 2025
Last update November 17, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.

Key dates

02Disclosure timeline

November 17, 2025 CVE published
November 17, 2025 Record updated