CVE-2025-13221 identifies a vulnerability in Intelbras UnniTI version 24.07.11 involving unprotected storage of user credentials within the XML file located at /xml/sistema/usuarios.xml. The vulnerability arises from improper handling and storage of the Usuario/Senha (user/password) arguments, allowing an attacker to remotely manipulate these parameters and retrieve sensitive credential information without requiring authentication or user interaction. The flaw is exploitable over the network (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The vulnerability impacts confidentiality (VC:L) but does not affect integrity or availability. The CVSS 4.0 score of 6.9 reflects a medium severity level. Although no active exploitation has been observed, a public exploit is available, increasing the risk of compromise. The vulnerability could enable attackers to gain unauthorized access to systems by harvesting credentials, potentially leading to further attacks such as privilege escalation or lateral movement within affected environments. The lack of patches or vendor-provided mitigations at the time of publication necessitates immediate defensive measures. Intelbras UnniTI is used primarily in network management and security solutions, and the exposure of credentials could undermine the security posture of organizations relying on this product.

For European organizations, the unprotected storage of credentials in Intelbras UnniTI could lead to unauthorized access to critical network management systems. This exposure risks confidentiality breaches, allowing attackers to harvest credentials and potentially escalate privileges or move laterally within corporate networks. Organizations in sectors such as telecommunications, infrastructure management, and enterprise IT that deploy Intelbras UnniTI may face increased risk of data breaches, operational disruption, and compliance violations under GDPR due to unauthorized data access. The remote exploitability without authentication means attackers can attempt exploitation from outside the network perimeter, increasing the attack surface. Although the vulnerability does not directly affect system integrity or availability, the compromise of credentials can indirectly lead to service disruptions or data manipulation. The availability of a public exploit increases the likelihood of opportunistic attacks, especially targeting organizations with weak network segmentation or insufficient monitoring. European entities relying on Intelbras products should consider this vulnerability a significant risk to their network security and data protection efforts.

1. Immediately restrict access to the /xml/sistema/usuarios.xml file by implementing strict file system permissions and network access controls to limit exposure to trusted administrators only. 2. Monitor network traffic and logs for unusual access patterns or repeated attempts to manipulate the Usuario/Senha parameters, using intrusion detection systems or SIEM solutions. 3. If possible, isolate Intelbras UnniTI devices or services from direct internet exposure by placing them behind firewalls or VPNs to reduce remote attack vectors. 4. Engage with Intelbras support or vendor channels to obtain patches or updates addressing this vulnerability; if unavailable, consider temporary workarounds such as encrypting the XML file or disabling vulnerable features. 5. Conduct credential audits and enforce password rotation policies for accounts managed by UnniTI to mitigate risks from potentially exposed credentials. 6. Implement multi-factor authentication (MFA) on systems that integrate with Intelbras UnniTI to reduce the impact of credential compromise. 7. Educate IT and security teams about this vulnerability and ensure rapid incident response capabilities are in place to detect and respond to exploitation attempts.