CVE-2025-13187 MEDIUM

CVE-2025-13187: Intelbras ICIP acessodeusuario.xml credentials storage

Vendor Intelbras
Product ICIP
Weakness CWE-256
Published November 14, 2025
Last update November 17, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Key dates

02Disclosure timeline

November 14, 2025 CVE published
November 17, 2025 Record updated