CVE-2025-13221

MEDIUM

Intelbras UnniTI 24.07.11 - Info Disclosure

Title source: llm

Description

A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.332537

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.332537

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.685825

Various Sources exploit

https://www.notion.so/eldruin/Intelbras-UnniTI-Plaintext-Admin-Credentials-Disclosure-29c27474cccb8008b2d7ea60affdf86e?source=copy_link

Scores

CVSS v3 5.3

EPSS 0.0031

EPSS Percentile 22.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-255 CWE-256

Status published

Products (1)

Intelbras/UnniTI 24.07.11

Published Nov 15, 2025

Tracked Since Feb 18, 2026