CVE-2025-13770

6.5 MEDIUM

📋 TL;DR

WebITR software developed by Uniong contains a SQL injection vulnerability that allows authenticated remote attackers to execute arbitrary SQL commands and read database contents. This affects organizations using WebITR with authenticated user access. Attackers could potentially extract sensitive information from the database.

💻 Affected Systems

Products:
  • WebITR
Versions: Specific versions not detailed in references, but all versions prior to patching are likely affected
Operating Systems: All platforms running WebITR
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access, but any authenticated user can potentially exploit this vulnerability

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including sensitive business data, user credentials, and potential lateral movement to other systems

🟠 Likely Case

Data exfiltration of business information, user data, and potential credential harvesting

🟢 If Mitigated

Limited data exposure if proper input validation and database permissions are implemented

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with basic web security testing tools

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10539-21f45-2.html

Restart Required: Yes

Instructions:

1. Contact Uniong for patch information
2. Apply the latest security update
3. Restart WebITR services
4. Verify the fix

🔧 Temporary Workarounds

Input Validation Enhancement (applies to: all)

Implement strict input validation and parameterized queries

Database Permission Reduction (applies to: all)

Limit database user permissions to read-only where possible

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with SQL injection rules
  • Restrict network access to WebITR to trusted IP addresses only

🔍 How to Verify

Check if Vulnerable:

Test authenticated endpoints with SQL injection payloads, using tools such as sqlmap or by manual testing

Check Version:

Check WebITR version in administration panel or contact vendor

Verify Fix Applied:

Retest with SQL injection payloads after patching to confirm they are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts followed by SQL-like queries

Network Indicators:

  • Unusual database query patterns from web server
  • Large data transfers from database to external IPs

SIEM Query:

source="webitr_logs" AND (message="*sql*" OR message="*database*" OR message="*query*") AND severity="ERROR"

The wildcards make these substring matches (an exact match on "sql" would almost never fire); adjust the field names, wildcard syntax and log source name to your SIEM and to the log source WebITR actually writes to.
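As an added illustration of the log indicators and SIEM query above (not part of the advisory or of WebITR itself), a small Python detector that scans constructed WebITR-style log lines for two of the listed signals: SQL error messages at ERROR severity, and repeated failed logins from one user/IP followed by SQL-like input. The log layout, field names and error-string patterns are assumptions, since WebITR's real log format is not documented here.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real WebITR output). The assumed layout is
# "timestamp level user ip message"; adjust LOG_RE to the real format.
SAMPLE_LOGS = """\
2025-01-10T09:00:01 INFO  alice 10.0.0.5 login ok
2025-01-10T09:00:05 INFO  alice 10.0.0.5 GET /report?id=42
2025-01-10T09:10:00 WARN  bob 10.0.0.9 login failed
2025-01-10T09:10:03 WARN  bob 10.0.0.9 login failed
2025-01-10T09:10:06 WARN  bob 10.0.0.9 login failed
2025-01-10T09:12:00 INFO  bob 10.0.0.9 GET /report?id=42' OR 1=1--
2025-01-10T09:12:00 ERROR bob 10.0.0.9 database query failed: You have an error in your SQL syntax
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>\w+)\s+(?P<user>\S+)\s+(?P<ip>\S+)\s+(?P<msg>.*)$")
# Error strings emitted by common database engines when a query is malformed
# (the usual symptom of an injected quote); extend for the engine WebITR uses.
SQL_ERROR_RE = re.compile(
    r"error in your sql syntax|unclosed quotation mark|ora-\d{5}|syntax error at or near",
    re.IGNORECASE,
)
# Request text that looks like SQL rather than an ordinary parameter value.
SQL_LIKE_RE = re.compile(r"('|%27)\s*(or|and|union)\b|\bunion\s+select\b|--|/\*", re.IGNORECASE)


def parse(lines):
    """Yield one dict per parsable log line; unparsable lines are skipped."""
    for line in lines.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def find_sql_errors(lines):
    """Indicator 1: ERROR-severity entries whose message is a database syntax error."""
    return [e for e in parse(lines) if e["level"] == "ERROR" and SQL_ERROR_RE.search(e["msg"])]


def find_failed_login_then_sqli(lines, min_failures=3):
    """Indicator 2: a user/IP with >= min_failures failed logins that then sends SQL-like input."""
    failures = defaultdict(int)
    hits = []
    for e in parse(lines):
        key = (e["user"], e["ip"])
        if "login failed" in e["msg"]:
            failures[key] += 1
        elif failures[key] >= min_failures and SQL_LIKE_RE.search(e["msg"]):
            hits.append(e)
    return hits
```

Both functions return the matching parsed entries, so they can be fed straight into an alerting pipeline or tested against real log samples before tuning the patterns.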
