CVE-2025-13164
📋 TL;DR
EasyFlow GP software by Digiwin has a vulnerability where insufficient credential protection allows remote attackers with privileged access to obtain plaintext Active Directory and system mail credentials from the frontend. This affects organizations using vulnerable versions of EasyFlow GP for workflow management.
💻 Affected Systems
- EasyFlow GP
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative credentials leading to complete system compromise, data exfiltration, and lateral movement across the network.
Likely Case
Privileged attackers steal AD credentials to escalate privileges, access sensitive data, and potentially compromise other systems.
If Mitigated
With proper network segmentation and monitoring, impact is limited to the EasyFlow GP system itself.
🎯 Exploit Status
Exploitation requires existing privileged access to the system frontend
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in references; check vendor advisory
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10504-23f4c-2.html
Restart Required: Yes
Instructions:
1. Contact Digiwin for patch details.
2. Apply the security update.
3. Restart EasyFlow GP services.
4. Verify credential protection.
🔧 Temporary Workarounds
Restrict network access
- Limit remote access to the EasyFlow GP frontend to trusted IPs only
- Use firewall rules to restrict access to EasyFlow GP ports
Implement credential monitoring
- Monitor for unusual credential access patterns
- Configure SIEM alerts for credential retrieval events
🧯 If You Can't Patch
- Isolate EasyFlow GP system in a segmented network zone
- Implement strict access controls and audit all privileged user activities
🔍 How to Verify
Check if Vulnerable:
Check whether your EasyFlow GP version is unpatched and whether credentials are stored insecurely in the frontend
Check Version:
Check EasyFlow GP administration panel or consult vendor documentation
Verify Fix Applied:
Verify patch installation and test that credentials are no longer accessible in plaintext
📡 Detection & Monitoring
Log Indicators:
- Unusual credential access patterns from frontend
- Multiple failed authentication attempts followed by credential retrieval
Network Indicators:
- Unexpected traffic to/from EasyFlow GP frontend from unauthorized sources
SIEM Query:
source="EasyFlow GP" AND (event="credential_access" OR event="authentication_failure")
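The two indicators above (a burst of authentication failures followed by credential retrieval from the same source, and frontend traffic from sources outside the trusted set) can be checked offline against exported logs. The following is an added example, not code from the page or from Digiwin; it assumes a constructed `timestamp|source|event|user` line format and a placeholder allowlist, since the page gives neither the real EasyFlow GP log format nor your trusted IP ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp|source|event|user" format
# (assumption: the real EasyFlow GP log format is not given on the page).
SAMPLE_LOG = """\
2025-11-20T09:00:01|10.0.0.5|authentication_failure|svc_flow
2025-11-20T09:00:03|10.0.0.5|authentication_failure|svc_flow
2025-11-20T09:00:05|10.0.0.5|authentication_failure|svc_flow
2025-11-20T09:00:40|10.0.0.5|credential_access|admin
2025-11-20T09:05:00|10.0.0.9|credential_access|admin
2025-11-20T09:06:00|10.0.0.7|authentication_failure|jdoe
2025-11-20T09:30:00|10.0.0.7|credential_access|jdoe
"""

# Placeholder allowlist of sources permitted to reach the frontend (constructed).
TRUSTED_SOURCES = {"10.0.0.5", "10.0.0.7"}


def parse_events(text):
    """Parse the constructed log format into (timestamp, source, event, user) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, event, user = line.split("|")
        events.append((datetime.fromisoformat(ts), src, event, user))
    return events


def find_failure_then_retrieval(events, min_failures=3, window=timedelta(minutes=10)):
    """Return (source, retrieval_time, failure_count) for each credential_access
    event preceded, from the same source and within `window`, by at least
    `min_failures` authentication_failure events (the page's log indicator)."""
    failures = defaultdict(deque)
    alerts = []
    for ts, src, event, _user in sorted(events):
        q = failures[src]
        while q and ts - q[0] > window:  # drop failures outside the window
            q.popleft()
        if event == "authentication_failure":
            q.append(ts)
        elif event == "credential_access" and len(q) >= min_failures:
            alerts.append((src, ts.isoformat(), len(q)))
            q.clear()  # one alert per burst
    return alerts


def find_untrusted_sources(events, trusted=TRUSTED_SOURCES):
    """Flag sources outside the allowlist (the page's network indicator)."""
    return sorted({src for _, src, _, _ in events if src not in trusted})
```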