CVE-2025-13160

5.3 MEDIUM

📋 TL;DR

IQ-Support software by IQ Service International contains an information exposure vulnerability that allows unauthenticated remote attackers to access specific APIs and obtain sensitive information from internal networks. This affects organizations using IQ-Support software with exposed endpoints. Attackers can gather internal network data without authentication.

💻 Affected Systems

Products:
  • IQ-Support
Versions: Specific versions not detailed in references; all versions before patching are likely affected
Operating Systems: Not specified, likely multiple
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with IQ-Support APIs exposed to untrusted networks are vulnerable. The vulnerability appears to be in the API implementation itself.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers map internal network topology, identify additional targets, and gather credentials or sensitive data leading to lateral movement and full network compromise.

🟠 Likely Case

Attackers harvest internal IP addresses, hostnames, and service information to plan further attacks against the organization's infrastructure.

🟢 If Mitigated

Limited exposure of non-critical internal information with no path to further exploitation due to network segmentation and access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows unauthenticated access to specific APIs, suggesting simple HTTP requests can trigger the information exposure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10502-11c6d-2.html

Restart Required: Yes

Instructions:

  1. Contact IQ Service International for patching guidance.
  2. Apply the latest security update for IQ-Support.
  3. Restart the IQ-Support service.
  4. Verify the fix by testing API access.

🔧 Temporary Workarounds

Network Access Control (Platform: all)

Restrict network access to IQ-Support APIs to trusted IP addresses only

API Endpoint Protection (Platform: all)

Implement authentication or API gateway protection for vulnerable endpoints

🧯 If You Can't Patch

  • Isolate IQ-Support systems in a separate network segment with strict firewall rules
  • Implement network monitoring and alerting for unauthorized access attempts to IQ-Support APIs

🔍 How to Verify

Check if Vulnerable:

Test if unauthenticated requests to IQ-Support APIs return internal network information. Use tools like curl to query suspected endpoints.

Check Version:

Check IQ-Support documentation or administrative interface for version information

Verify Fix Applied:

After patching, verify that unauthenticated requests to previously vulnerable APIs no longer return sensitive internal information.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated API requests to IQ-Support endpoints
  • Unusual volume of requests to specific IQ-Support APIs
  • Requests from unexpected IP addresses to IQ-Support

Network Indicators:

  • Unusual traffic patterns to IQ-Support API endpoints
  • External IP addresses accessing internal-only APIs

SIEM Query:

source="iq-support" AND (status=200 OR status=401) AND user="-" | stats count by src_ip
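The SIEM query above counts anonymous requests by source; the following added Python example (not part of the original page or of IQ-Support) applies the same logic to raw web-server access logs, narrowed to anonymous requests that were actually served (HTTP 200), since a 401 is the expected answer for an unauthenticated caller. The "/api/" path prefix and the 10.0.0.0/8 trusted range are assumptions: the advisory does not name the affected endpoints, so substitute your deployment's own paths and networks. The log lines are constructed samples.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access log lines (common log format) for illustration.
# The "/api/" prefix is an assumed placeholder: the advisory does not name the
# affected IQ-Support endpoints, so substitute the paths from your deployment.
SAMPLE_LOG = """\
10.0.5.12 - admin [20/Nov/2025:10:01:02 +0000] "GET /api/hosts HTTP/1.1" 200 812
203.0.113.7 - - [20/Nov/2025:10:01:09 +0000] "GET /api/hosts HTTP/1.1" 200 812
203.0.113.7 - - [20/Nov/2025:10:01:10 +0000] "GET /api/hosts HTTP/1.1" 200 812
198.51.100.9 - - [20/Nov/2025:10:02:30 +0000] "GET /api/config HTTP/1.1" 401 0
10.0.5.40 - - [20/Nov/2025:10:03:00 +0000] "GET /static/app.js HTTP/1.1" 200 5120
"""

LOG_RE = re.compile(
    r'^(?P<src_ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range
API_PREFIX = "/api/"                                  # assumed placeholder


def find_unauthenticated_api_access(log_text, api_prefix=API_PREFIX,
                                    trusted=TRUSTED_NETS):
    """Return {src_ip: count} for anonymous requests (user "-") that were
    served with HTTP 200 from an IQ-Support API path by a source outside the
    trusted networks. 401 responses are expected denials and are not counted."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(api_prefix):
            continue
        if m["user"] != "-" or m["status"] != "200":
            continue
        ip = ipaddress.ip_address(m["src_ip"])
        if any(ip in net for net in trusted):
            continue
        hits[m["src_ip"]] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, n in find_unauthenticated_api_access(SAMPLE_LOG).items():
        print(f"ALERT: {ip} retrieved IQ-Support API data anonymously {n} time(s)")
```

Any source that appears in the result is worth investigating, since an anonymous caller should never receive a 200 from these endpoints once authentication or gateway protection is in place.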
