CVE-2025-13187: Unprotected Storage of Credentials in Intelbras ICIP
A security vulnerability has been detected in Intelbras ICIP 2.0.20. It affects an unknown function of the file /xml/sistema/acessodeusuario.xml. Manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
AI Analysis
Technical Summary
CVE-2025-13187 is a vulnerability identified in Intelbras ICIP version 2.0.20 involving unprotected storage of user credentials within the XML file located at /xml/sistema/acessodeusuario.xml. The vulnerability stems from improper handling and storage of the NomeUsuario (username) and SenhaAcess (password) fields, which are stored in a manner that does not adequately protect the confidentiality of these credentials. This flaw can be exploited remotely without requiring authentication or user interaction, as indicated by the CVSS vector AV:N/AC:L/AT:N/UI:N/PR:N. The vulnerability primarily impacts confidentiality, as attackers can retrieve sensitive credentials directly from the file system or via network access if the file is exposed. The CVSS 4.0 base score of 6.9 reflects a medium severity level, highlighting the ease of exploitation and the potential impact on confidentiality, while integrity and availability remain unaffected. No patches or fixes have been officially released at the time of publication, and no known exploits are reported in the wild, though public disclosure of exploit details increases the risk of future attacks. Intelbras ICIP is a product used in various security and communication applications, and the exposure of credentials could allow attackers to gain unauthorized access to systems, escalate privileges, and move laterally within affected networks. The vulnerability is particularly concerning for organizations that rely on Intelbras ICIP for critical operations, as compromised credentials could lead to broader security breaches.
Potential Impact
For European organizations, the unprotected storage of credentials in Intelbras ICIP 2.0.20 poses a significant risk of unauthorized access to sensitive systems. Attackers exploiting this vulnerability can obtain usernames and passwords remotely without authentication, potentially leading to account compromise, data breaches, and unauthorized control over affected devices or services. This can result in loss of confidentiality, disruption of operations, and increased risk of further exploitation such as lateral movement or privilege escalation. Sectors such as telecommunications, security services, and critical infrastructure that utilize Intelbras ICIP may face operational disruptions and reputational damage. Additionally, regulatory compliance risks arise under GDPR due to potential exposure of personal or sensitive data. The medium severity rating reflects that while the vulnerability does not directly impact system integrity or availability, the confidentiality breach alone can have cascading effects on organizational security posture.
Mitigation Recommendations
1. Immediately restrict access to the /xml/sistema/acessodeusuario.xml file by enforcing strict file system permissions and network access controls to prevent unauthorized retrieval of credential data.
2. Monitor network traffic and system logs for unusual access patterns or attempts to read the affected XML file remotely.
3. Implement network segmentation to isolate Intelbras ICIP devices from critical infrastructure and sensitive networks, limiting the attack surface.
4. Apply compensating controls such as multi-factor authentication (MFA) on systems that rely on Intelbras ICIP credentials to reduce the impact of credential compromise.
5. Regularly audit and rotate credentials stored or used by Intelbras ICIP to minimize the window of exposure.
6. Engage with Intelbras for timely updates and patches addressing this vulnerability, and plan for immediate deployment once available.
7. Educate IT and security teams about this vulnerability and ensure incident response plans include scenarios involving credential exposure from this product.
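One way to implement the monitoring in recommendation 2, as an added example that is not part of the original advisory or any Intelbras tooling. It assumes HTTP requests to the device are logged in Combined Log Format by a reverse proxy or network sensor, and that `ADMIN_NETS` (a hypothetical management subnet) is the only legitimate source; the log lines are constructed.

```python
import ipaddress
import re
from posixpath import normpath
from urllib.parse import unquote, urlsplit

SENSITIVE_PATH = "/xml/sistema/acessodeusuario.xml"   # file named in the advisory
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]   # assumption: management subnet

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def canonical_path(target):
    """Drop the query, decode %-escapes, collapse ./ and ../, lowercase.
    Lowercasing is deliberately broad: it may over-match, never under-match."""
    path = unquote(urlsplit(target).path)
    return normpath("/" + path.lstrip("/")).lower()

def is_admin(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False          # unparsable source is treated as untrusted
    return any(ip in net for net in ADMIN_NETS)

def find_exposures(lines):
    """One finding per request for the credential file from outside ADMIN_NETS."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or canonical_path(m["target"]) != SENSITIVE_PATH:
            continue
        if is_admin(m["ip"]):
            continue
        status = int(m["status"])
        # served=True means the file content left the device: rotate credentials.
        findings.append({"ip": m["ip"], "time": m["ts"],
                         "status": status, "served": status == 200})
    return findings

SAMPLE_LOG = [  # constructed sample lines (documentation address ranges)
    '10.20.0.5 - admin [14/Nov/2025:09:12:01 +0000] "GET /xml/sistema/acessodeusuario.xml HTTP/1.1" 200 512',
    '203.0.113.44 - - [14/Nov/2025:09:30:17 +0000] "GET /xml/sistema/acessodeusuario.xml HTTP/1.1" 200 512',
    '203.0.113.44 - - [14/Nov/2025:09:30:19 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '198.51.100.7 - - [14/Nov/2025:10:02:40 +0000] "GET /xml/./sistema/%61cessodeusuario.xml?t=1 HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for f in find_exposures(SAMPLE_LOG):
        print(f)
```

A finding with `served` set to true should trigger the credential rotation in recommendation 5; one with any other status still identifies a source probing for the file.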
Affected Countries
Portugal, Spain, Italy, Germany, France
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-14T13:02:51.954Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6917aae76c3a21c7a1852eea
Added to database: 11/14/2025, 10:19:19 PM
Last enriched: 11/21/2025, 10:48:12 PM
Last updated: 12/30/2025, 2:42:18 AM