CVE-2025-13164

MEDIUM

EasyFlow GP - Info Disclosure

Title source: llm

Description

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.

References (2)

[Various Sources] https://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html

[Various Sources] https://www.twcert.org.tw/tw/cp-132-10503-a66fe-1.html

Scores

CVSS v3 4.9

EPSS 0.0005

EPSS Percentile 16.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status draft

Timeline

Published Nov 17, 2025

Tracked Since Feb 18, 2026