CVE-2025-13163
📋 TL;DR
EasyFlow GP software by Digiwin has a vulnerability where database credentials are insufficiently protected, allowing remote attackers with privileged access to obtain plaintext credentials from the system frontend. This affects organizations using vulnerable versions of EasyFlow GP for workflow management.
💻 Affected Systems
- EasyFlow GP
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain database credentials, potentially leading to full database compromise, data exfiltration, or lateral movement to other systems.
Likely Case
Privileged insiders or compromised accounts extract database credentials, enabling unauthorized data access or manipulation.
If Mitigated
With proper network segmentation and credential rotation, impact is limited to credential exposure without further exploitation.
🎯 Exploit Status
Exploitation requires privileged access but is technically simple once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.1.1
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html
Restart Required: Yes
Instructions:
1. Download patch from Digiwin support portal.
2. Backup system and database.
3. Apply patch following vendor instructions.
4. Restart EasyFlow GP services.
🔧 Temporary Workarounds
Restrict Access
Limit network access to EasyFlow GP frontend to trusted IPs only.
Use firewall rules to restrict access to EasyFlow GP ports (typically 80/443).
Credential Rotation
Change database credentials regularly to limit exposure window.
ALTER USER 'dbuser'@'localhost' IDENTIFIED BY 'new_strong_password';
🧯 If You Can't Patch
- Implement strict access controls and monitor privileged user activity.
- Isolate database server from application server and implement network segmentation.
🔍 How to Verify
Check if Vulnerable:
Check EasyFlow GP version in administration panel; versions below 2025.1.1 are vulnerable.
Check Version:
Check version in EasyFlow GP web interface under System Information or Administration settings.
Verify Fix Applied:
Verify version is 2025.1.1 or higher in administration panel and test credential exposure functionality.
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to credential-related endpoints
- Multiple failed authentication attempts followed by credential access
Network Indicators:
- Unusual outbound connections from EasyFlow GP server to database
- Traffic patterns indicating credential extraction
SIEM Query:
source="EasyFlowGP" AND (event_type="credential_access" OR endpoint="*/credential*" OR status="sensitive_data_access")
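The SIEM query above, applied to a few constructed log lines as an added example (not code from the advisory or the vendor). The key=value field names, the log format and the sample events are assumptions about how EasyFlow GP frontend access would be indexed; the filter keeps the query's semantics, including the source restriction and the wildcard on endpoint.

```python
import fnmatch
import shlex

# Constructed sample events in key=value form; field names follow the page's
# SIEM query and are assumptions about how EasyFlow GP logs would be indexed.
SAMPLE_LOGS = [
    'ts=2025-11-20T09:12:01Z source="EasyFlowGP" user="admin" endpoint="/api/system/credential/db" event_type="config_read" status="ok"',
    'ts=2025-11-20T09:12:05Z source="EasyFlowGP" user="admin" endpoint="/api/login" event_type="credential_access" status="ok"',
    'ts=2025-11-20T09:13:10Z source="EasyFlowGP" user="clerk" endpoint="/api/workflow/list" event_type="list" status="ok"',
    'ts=2025-11-20T09:14:00Z source="OtherApp" user="svc" endpoint="/credential" event_type="credential_access" status="ok"',
    'ts=2025-11-20T09:15:30Z source="EasyFlowGP" user="admin" endpoint="/api/report" event_type="export" status="sensitive_data_access"',
]

def parse_event(line):
    """Parse a key=value log line (values may be double-quoted) into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))

def matches_query(event):
    """Evaluate the advisory's SIEM query against one parsed event:
    source="EasyFlowGP" AND (event_type="credential_access"
    OR endpoint="*/credential*" OR status="sensitive_data_access")."""
    if event.get("source") != "EasyFlowGP":
        return False
    return (
        event.get("event_type") == "credential_access"
        or fnmatch.fnmatchcase(event.get("endpoint", ""), "*/credential*")
        or event.get("status") == "sensitive_data_access"
    )

def find_credential_access(lines):
    """Return (timestamp, user, endpoint) for every event the query flags."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if matches_query(ev):
            hits.append((ev["ts"], ev["user"], ev["endpoint"]))
    return hits

if __name__ == "__main__":
    # Three of the five constructed events match; the OtherApp event is
    # excluded by the source clause even though its endpoint matches.
    for hit in find_credential_access(SAMPLE_LOGS):
        print(*hit)
```

Every flagged event is a privileged-user touch on a credential-related path or a sensitive-data status, which is the pattern the Log Indicators section describes; tune the field names to your actual log schema before deploying.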