Denial of Service Vulnerability in EasyFlow GP by Digiwin
CVE-2025-13165

8.7HIGH

Key Information:

Vendor: Digiwin
Status: Easyflow Gp
Vendor: CVE Published:; 17 November 2025

What is CVE-2025-13165?

EasyFlow GP, created by Digiwin, is susceptible to a Denial of Service vulnerability. This allows unauthorized remote attackers to send specially crafted requests, disrupting web service availability and potentially causing significant downtime for users. It is crucial for organizations using this product to apply the necessary patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

EasyFlow GP 5.8.8.3 <= 5.8.11.1.0810112

EasyFlow GP 8.1.x <= 8.1.1.2

EasyFlow GP 5.7.x <= 5.7.7.2

References

https://www.twcert.org.tw/tw/cp-132-10503-a66fe-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Nov 14, 2025

JSON