CVE-2025-13175

📋 TL;DR

This vulnerability allows administrators with UI access to Y Soft SafeQ 6 to reveal Workflow Connector passwords using browser developer tools. Only customers with password-protected scan workflow connectors are affected. The issue exposes sensitive credentials that should remain hidden.

💻 Affected Systems

Products:
  • Y Soft SafeQ 6
Versions: All versions before MU106
Operating Systems: Windows Server (typical deployment)
Default Config Vulnerable: ✅ No
Notes: Only affects customers using password-protected scan workflow connectors. Systems without this feature are not vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Workflow Connector passwords are exposed, potentially allowing unauthorized access to connected systems or data exfiltration.

🟠 Likely Case: An administrator accidentally or intentionally reveals connector passwords, compromising the security of connected scanning workflows.

🟢 If Mitigated: With proper access controls and monitoring, the impact is limited to authorized administrators who already have significant system access.

🌐 Internet-Facing: LOW - This requires authenticated administrator access to the SafeQ UI, which is typically not internet-facing.
🏢 Internal Only: MEDIUM - While requiring admin privileges, it exposes credentials that could be used for lateral movement within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated administrator access to the SafeQ web interface and basic knowledge of browser developer tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MU106 or later

Vendor Advisory: https://docs.ysoft.cloud/safeq6/latest/safeq6/release-notes-build-106

Restart Required: Yes

Instructions:

  1. Download the MU106 update from the Y Soft support portal.
  2. Back up the current configuration.
  3. Apply the update following vendor instructions.
  4. Restart SafeQ services.
  5. Verify the version shows MU106 or higher.

🔧 Temporary Workarounds

Restrict Administrator Access (all)

Limit SafeQ UI access to only trusted administrators who require it for their duties.

Monitor Administrator Activity (all)

Implement logging and monitoring of administrator access to the SafeQ interface.

🧯 If You Can't Patch

  • Implement strict access controls to limit SafeQ UI access to essential personnel only.
  • Regularly rotate Workflow Connector passwords and monitor for unauthorized access attempts.

🔍 How to Verify

Check if Vulnerable:

Check SafeQ version in administration interface. If version is below MU106 and password-protected scan workflow connectors are configured, the system is vulnerable.

Check Version:

Check version in SafeQ web interface under Help > About or via administration console.

Verify Fix Applied:

After applying MU106, verify the password field in Workflow Connector configuration cannot be revealed via browser developer tools.

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrator access patterns to SafeQ interface
  • Multiple failed authentication attempts to workflow connectors

Network Indicators:

  • Unexpected connections from SafeQ server to scanning workflow endpoints

SIEM Query:

source="safeq" AND (event_type="admin_login" OR event_type="connector_access")
