CVE-2025-13768 – WebITR software developed by Uniong contains an... (How to Fix)

Q: What is the severity of CVE-2025-13768?

CVE-2025-13768 has a CVSS score of 7.5 (HIGH). WebITR software developed by Uniong contains an authentication bypass vulnerability that allows authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers need to first obtain a user ID to exploit this vulnerability. This affects all organizations using vulnerable versions of WebITR.

📋 TL;DR

WebITR software developed by Uniong contains an authentication bypass vulnerability that allows authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers need to first obtain a user ID to exploit this vulnerability. This affects all organizations using vulnerable versions of WebITR.

💻 Affected Systems

Products:

WebITR

Versions: All versions prior to 2025.1.1

Operating Systems: All platforms running WebITR

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments of WebITR are affected regardless of configuration.

📦 What is this software?

Webitr by Uniong

View all CVEs affecting Webitr →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative privileges, access sensitive data, modify system configurations, and potentially pivot to other systems.

🟠

Likely Case

Attackers escalate privileges to access unauthorized data or perform unauthorized actions within the application.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to the application layer with detection of anomalous login patterns.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires authenticated access first, then parameter manipulation to bypass authentication checks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.1.1

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10539-21f45-2.html

Restart Required: Yes

Instructions:

1. Download WebITR version 2025.1.1 from Uniong's official website. 2. Backup current installation. 3. Apply the update following vendor instructions. 4. Restart the WebITR service.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to WebITR to trusted IP addresses only

Parameter Validation

all

Implement WAF rules to block suspicious parameter modifications

🧯 If You Can't Patch

Implement strict network segmentation to isolate WebITR from critical systems
Enable detailed authentication logging and monitor for unusual login patterns

🔍 How to Verify

Check if Vulnerable:

Check WebITR version in administration panel or configuration files

Check Version:

Check WebITR admin interface or consult vendor documentation

Verify Fix Applied:

Verify version is 2025.1.1 or later and test authentication bypass attempts fail

📡 Detection & Monitoring

Log Indicators:

Multiple login attempts with different user IDs from same source
Successful logins with unusual user privilege escalation

Network Indicators:

Unusual authentication parameter patterns in HTTP requests

SIEM Query:

source="webitr" AND (event="login" AND user_id_changed=true) OR (event="privilege_escalation")

📊 Metadata

CVE ID: CVE-2025-13768

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-639

EPSS Score: 0.25% exploit probability (48.2th percentile)

Published: November 28, 2025

Last Updated: December 1, 2025

🔗 References

https://www.twcert.org.tw/en/cp-139-10539-21f45-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-10538-6a26d-1.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-13768, you might also want to check these: