CVE-2025-13164

MEDIUM

EasyFlow GP - Info Disclosure

Title source: llm

Description

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.

References (2)

[Various Sources] https://www.twcert.org.tw/tw/cp-132-10503-a66fe-1.html

[Various Sources] https://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html

Scores

CVSS v3 4.9

EPSS 0.0005

EPSS Percentile 14.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (1)

Digiwin/EasyFlow GP 5.8.8.3 - 5.8.11.1.0810112

Published Nov 17, 2025

Tracked Since Feb 18, 2026