CVE-2025-13187: Unprotected Storage of Credentials in Intelbras ICIP
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
AI Analysis
Technical Summary
CVE-2025-13187 is a vulnerability identified in Intelbras ICIP version 2.0.20, specifically involving the unprotected storage of user credentials within the XML file located at /xml/sistema/acessodeusuario.xml. The vulnerability stems from improper handling and storage of the NomeUsuario (username) and SenhaAcess (password) parameters, which are stored in an unencrypted or otherwise unprotected manner. This flaw can be exploited remotely without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). An attacker can manipulate the relevant arguments to retrieve sensitive credential information directly from the system. The exposure of these credentials compromises confidentiality and potentially allows unauthorized access to the affected system or network. Although no active exploits have been reported in the wild, the public disclosure of the exploit details increases the likelihood of future attacks. The vulnerability does not affect system integrity or availability directly but poses a significant risk to confidentiality and access control. The CVSS 4.0 score of 6.9 classifies this as a medium-severity issue, reflecting the ease of exploitation and the sensitive nature of the data exposed. Intelbras ICIP is typically used in security and surveillance contexts, making the protection of credentials critical to maintaining system security.
Potential Impact
For European organizations, the unprotected storage of credentials in Intelbras ICIP 2.0.20 could lead to unauthorized access to surveillance or access control systems, potentially compromising physical security and sensitive operational data. Confidentiality breaches may expose user credentials, enabling attackers to pivot within networks or escalate privileges. This could result in unauthorized monitoring, data theft, or manipulation of security systems. Organizations in critical infrastructure sectors such as transportation, energy, and public safety that deploy Intelbras ICIP are particularly at risk. The remote exploitability without authentication increases the threat surface, especially for systems exposed to the internet or poorly segmented networks. The lack of known active exploits currently reduces immediate risk but the public availability of exploit information necessitates proactive mitigation. Overall, the impact includes potential loss of confidentiality, increased risk of unauthorized access, and undermining of trust in security systems.
Mitigation Recommendations
1. Immediately restrict access permissions to the /xml/sistema/acessodeusuario.xml file to prevent unauthorized reading or modification, ideally limiting it to trusted system processes only.
2. Monitor network traffic and system logs for unusual access patterns or attempts to retrieve the vulnerable XML file remotely.
3. Implement network segmentation and firewall rules to limit external exposure of Intelbras ICIP systems, especially blocking access to management interfaces from untrusted networks.
4. Apply vendor patches or updates as soon as they become available; if no patch exists yet, consider temporary compensating controls such as disabling remote access or isolating affected devices.
5. Conduct credential rotation for any accounts stored or managed by the affected system to mitigate risks from previously exposed credentials.
6. Employ encryption or secure storage mechanisms for credentials in future deployments or configurations to prevent similar vulnerabilities.
7. Educate IT and security teams about this vulnerability and ensure incident response plans include detection and remediation steps for potential exploitation.
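One way to implement the log monitoring in recommendation 2, as an added example that is not part of the original advisory or any Intelbras tooling. It assumes Combined Log Format access logs from a reverse proxy or gateway in front of the device and a hypothetical management subnet of 10.20.0.0/24; a successful response to any other source is flagged for the credential rotation in recommendation 5.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

SENSITIVE_PATH = "/xml/sistema/acessodeusuario.xml"  # path named in the advisory
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed management subnet

# Combined Log Format prefix: client, ident, user, [time], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Drop query/fragment, percent-decode, collapse slashes and dot segments, lowercase."""
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path.lower()  # deliberately case-insensitive: cast a wide net for detection

def find_hits(lines):
    """Return one record per request that targets the credential file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalise(m["target"]) != SENSITIVE_PATH:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
            trusted = any(src in net for net in ALLOWED_NETS)
        except ValueError:
            trusted = False  # hostname or malformed value in the client field
        hits.append({
            "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "trusted": trusted,
            # A 2xx answer to an untrusted source means the file was served.
            "exposed": (not trusted) and m["status"].startswith("2"),
        })
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [14/Nov/2025:09:00:01 +0000] "GET /xml/sistema/acessodeusuario.xml HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Nov/2025:09:02:13 +0000] "GET /xml/sistema/acessodeusuario.xml?x=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [14/Nov/2025:09:03:40 +0000] "GET /XML/sistema/%61cessodeusuario.xml HTTP/1.1" 403 0',
    '203.0.113.7 - - [14/Nov/2025:09:04:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        flag = "ROTATE CREDENTIALS" if hit["exposed"] else "review"
        print(f'{hit["time"]} {hit["ip"]} status={hit["status"]} -> {flag}')
```

Path normalisation runs before the comparison so that encoded, mixed-case or dot-segment variants of the same request are still counted.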
Affected Countries
Portugal, Spain, Italy, Germany, France, Poland, Netherlands, Belgium, United Kingdom
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-14T13:02:51.954Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6917aae76c3a21c7a1852eea
Added to database: 11/14/2025, 10:19:19 PM
Last enriched: 11/14/2025, 10:34:13 PM
Last updated: 11/15/2025, 4:17:46 AM