CVE-2025-13792 is a code injection vulnerability found in the Qualitor IT service management software, specifically in versions up to 8.20.104 and 8.24.97. The vulnerability exists due to the unsafe use of the PHP eval function within the /html/st/stdeslocamento/request/getResumo.php script. The eval function executes PHP code passed to it, and in this case, the 'passageiros' parameter is not properly sanitized or validated before being passed to eval. This allows an attacker to inject arbitrary PHP code remotely by manipulating the 'passageiros' argument in HTTP requests. The vulnerability requires no authentication, no user interaction, and can be exploited over the network, making it highly accessible to attackers. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the ease of exploitation and potential impact on confidentiality, integrity, and availability, although the scope is limited to the affected Qualitor instance. The flaw can lead to full system compromise, data theft, or service disruption. Public exploits have been released, increasing the urgency for remediation. The vendor has addressed the issue in versions 8.20.105 and 8.24.98, and upgrading to these or later versions is the recommended fix. No known exploits in the wild have been reported at the time of publication, but the public availability of exploit code raises the risk of imminent attacks.

For European organizations using Qualitor, this vulnerability poses a significant risk of remote code execution, potentially allowing attackers to gain unauthorized access, execute arbitrary commands, and compromise sensitive data or disrupt IT service management operations. Given Qualitor's role in managing IT services, exploitation could lead to operational downtime, data integrity issues, and exposure of confidential information. The vulnerability's ease of exploitation without authentication or user interaction increases the likelihood of automated attacks and widespread exploitation. Organizations in sectors with high reliance on ITSM platforms, such as finance, healthcare, and government, could face severe operational and reputational damage. Additionally, the presence of publicly available exploits increases the risk of targeted attacks against European entities. Failure to patch promptly could result in lateral movement within networks and further compromise of critical infrastructure.

European organizations should immediately inventory their Qualitor deployments to identify affected versions. The primary mitigation is to upgrade Qualitor to versions 8.20.105 or 8.24.98 or later, where the vulnerability is patched. Until upgrades are applied, organizations should implement network-level controls to restrict access to the vulnerable endpoint, such as IP whitelisting or firewall rules limiting access to trusted administrators. Web application firewalls (WAFs) can be configured to detect and block suspicious payloads targeting the 'passageiros' parameter, especially those containing code injection patterns. Monitoring and logging HTTP requests to the vulnerable script should be enhanced to detect exploitation attempts. Organizations should also review and harden PHP configurations to disable dangerous functions like eval where possible, though this may require application changes. Regular vulnerability scanning and penetration testing should be conducted to verify remediation effectiveness. Finally, organizations should prepare incident response plans for potential exploitation scenarios.