Insufficiently Protected Credentials in EasyFlow GP by Digiwin
CVE-2025-13164

6.9MEDIUM

Key Information:

Vendor: Digiwin
Status: Easyflow Gp
Vendor: CVE Published:; 17 November 2025

What is CVE-2025-13164?

EasyFlow GP, developed by Digiwin, has a notable vulnerability that compromises credential security. This vulnerability allows unauthorized remote attackers to access plaintext credentials for Active Directory and system mail through the system's frontend. Such a security flaw can lead to serious breaches of information confidentiality, exposing sensitive data to malicious actors. Organizations using EasyFlow GP are advised to apply available patches and enhance their security measures to mitigate potential risks.

Affected Version(s)

EasyFlow GP 5.8.8.3 <= 5.8.11.1.0810112

References

https://www.twcert.org.tw/tw/cp-132-10503-a66fe-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Nov 14, 2025

JSON