CVE-2025-13163: CWE-522 Insufficiently Protected Credentials in Digiwin EasyFlow GP
EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend.
AI Analysis
Technical Summary
CVE-2025-13163 identifies a vulnerability classified under CWE-522 (Insufficiently Protected Credentials) in Digiwin's EasyFlow GP product, affecting version 5.8.8.3 and all 8.1.* releases. The flaw allows privileged remote attackers to extract plaintext database account credentials directly from the system frontend interface. The root cause is that the application does not adequately protect the stored credential material and exposes it in a retrievable form. In CVSS 4.0 terms the attack vector is network-based (AV:N) with low attack complexity (AC:L) and no special attack requirements (AT:N), but high privileges are required (PR:H) and no user interaction is needed (UI:N). The impact on the vulnerable system is high for confidentiality (VC:H) with no impact on integrity or availability, and no impact is scored on subsequent systems (SC:N). Although no public exploits are known, the exposure of plaintext database credentials could facilitate lateral movement, unauthorized database access, and data exfiltration. The vulnerability was published on November 17, 2025, with no patch available at that time, so exposure must be managed through compensating controls. Digiwin EasyFlow GP is used in enterprise resource planning and workflow management, which makes the confidentiality breach particularly sensitive. The medium CVSS score of 6.9 reflects the balance between the severity of credential exposure and the requirement for privileged access.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality of database credentials, potentially leading to unauthorized access to critical business data and systems. Organizations in sectors such as manufacturing, logistics, and enterprise resource planning that rely on Digiwin EasyFlow GP could face data breaches, intellectual property theft, and operational disruption. Plaintext credentials can enable further attacks, including privilege escalation and lateral movement within networks, and the risk is heightened where EasyFlow GP interfaces with other critical systems or sensitive data repositories. The absence of known exploits reduces the immediate risk but does not eliminate the threat, particularly given the medium CVSS score and the potential for targeted attacks by advanced threat actors. Deployments that expose privileged access to the frontend remotely are most at risk. If personal or sensitive data is compromised through this vulnerability, the regulatory impact under GDPR could be substantial.
Mitigation Recommendations
1. Immediately restrict privileged remote access to the EasyFlow GP system frontend to trusted administrators only, using network segmentation and firewall rules.
2. Implement strong monitoring and logging of all privileged access to detect suspicious activity or unauthorized attempts to retrieve credentials.
3. Use multi-factor authentication (MFA) for all privileged accounts to reduce the risk of credential misuse.
4. Encrypt sensitive configuration files and credentials at rest and in transit, where possible, to minimize exposure.
5. Regularly audit and rotate database credentials to limit the window of opportunity for attackers.
6. Engage with Digiwin for timely updates and patches; apply them as soon as they become available.
7. Conduct internal penetration testing focusing on credential exposure and privilege escalation paths related to EasyFlow GP.
8. Educate system administrators about the risks of exposing plaintext credentials and enforce secure credential management policies.
9. Consider deploying endpoint detection and response (EDR) solutions to identify anomalous behavior linked to credential theft.
10. Review and harden the overall security posture of systems integrating with EasyFlow GP to prevent cascading impacts.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: twcert
- Date Reserved: 2025-11-14T03:31:46.149Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 691ac33f848ad39aa20115d3
Added to database: 11/17/2025, 6:39:59 AM
Last enriched: 11/17/2025, 6:45:14 AM
Last updated: 11/17/2025, 11:08:20 AM