CVE-2025-13161
📋 TL;DR
CVE-2025-13161 is an arbitrary file read vulnerability in IQ-Support software that allows unauthenticated remote attackers to download any system file through relative path traversal. This affects all organizations using vulnerable versions of IQ-Support developed by IQ Service International. Attackers can access sensitive files without authentication.
💻 Affected Systems
- IQ-Support
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through reading sensitive files like /etc/shadow, SSH keys, configuration files with credentials, leading to lateral movement and data exfiltration.
Likely Case
Unauthorized access to sensitive configuration files, user data, and system information that could enable further attacks or data theft.
If Mitigated
Limited impact if proper network segmentation, file system permissions, and monitoring are in place to detect and block traversal attempts.
🎯 Exploit Status
Path traversal vulnerabilities are well-understood and easy to exploit. No authentication required makes this particularly dangerous.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched version
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10502-11c6d-2.html
Restart Required: Yes
Instructions:
1. Check current IQ-Support version. 2. Contact IQ Service International for patched version. 3. Apply patch following vendor instructions. 4. Restart IQ-Support service. 5. Verify fix by testing path traversal attempts.
🔧 Temporary Workarounds
Network Access Control
allRestrict access to IQ-Support to trusted IP addresses only
Web Application Firewall Rules
allBlock path traversal patterns in requests to IQ-Support
WAF rule to block requests containing '../', '..\', or absolute paths
🧯 If You Can't Patch
- Isolate IQ-Support system in separate network segment with strict firewall rules
- Implement file system permissions to restrict access to sensitive system files
🔍 How to Verify
Check if Vulnerable:
Attempt to access system files via IQ-Support interface using path traversal payloads like '../../../../etc/passwd' or '..\..\windows\win.ini'Check Version:
Check IQ-Support version in web interface or configuration filesVerify Fix Applied:
Test same path traversal attempts after patch - they should return error messages or be blocked📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../', '..\', or attempts to access known system file paths
- Unusual file access patterns from IQ-Support process
Network Indicators:
- HTTP requests with path traversal patterns to IQ-Support endpoints
- Multiple failed file access attempts
SIEM Query:
source="iq-support.log" AND ("../" OR "..\\" OR "/etc/" OR "/windows/")