CVE-2025-13221 MEDIUM

CVE-2025-13221: Intelbras UnniTI usuarios.xml credentials storage

Vendor Intelbras
Product UnniTI
Weakness CWE-256
Published November 15, 2025
Last update January 7, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

Key dates

02Disclosure timeline

November 15, 2025 CVE published
January 7, 2026 Record updated