CVE-2025-13792 is a remote code injection vulnerability found in the Qualitor software, affecting versions up to 8.20.104 and 8.24.97. The flaw resides in the eval function within the file /html/st/stdeslocamento/request/getResumo.php, where the 'passageiros' parameter is improperly sanitized or validated. This allows an attacker to craft malicious input that is executed as code on the server. Since the vulnerability can be exploited remotely without any authentication or user interaction, it poses a significant risk. The vulnerability has been assigned a CVSS 4.0 base score of 6.9, indicating medium severity, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact includes partial loss of confidentiality, integrity, and availability, as the injected code can manipulate data, disrupt services, or exfiltrate sensitive information. Although no known exploits in the wild have been reported yet, the public release of the exploit code increases the likelihood of active exploitation. The vendor has addressed the issue in versions 8.20.105 and 8.24.98, and upgrading to these versions or later is strongly recommended to mitigate the risk.

The vulnerability allows remote attackers to execute arbitrary code on affected Qualitor servers, potentially leading to unauthorized data access, modification, or deletion. This can compromise the confidentiality and integrity of sensitive information managed by Qualitor, as well as disrupt service availability through malicious payloads or denial-of-service conditions. Since exploitation requires no authentication or user interaction, any exposed instance of the vulnerable versions is at risk. Organizations relying on Qualitor for critical IT service management or operational workflows may face operational disruptions, data breaches, and reputational damage. The broad range of affected versions increases the attack surface, especially in environments where patching is delayed. The public availability of exploit code further elevates the threat, making timely remediation essential to prevent exploitation by opportunistic attackers or advanced threat actors.

1. Immediately upgrade all affected Qualitor installations to versions 8.20.105 or 8.24.98 or later, as these contain the official patch for the vulnerability. 2. If immediate upgrade is not feasible, implement network-level controls to restrict access to the vulnerable endpoint (/html/st/stdeslocamento/request/getResumo.php), such as firewall rules or web application firewall (WAF) policies that block or sanitize requests containing suspicious 'passageiros' parameter values. 3. Conduct thorough input validation and sanitization on all user-supplied parameters in custom Qualitor deployments or integrations to prevent injection attacks. 4. Monitor logs for unusual or suspicious requests targeting the vulnerable endpoint, especially those containing unexpected or encoded payloads in the 'passageiros' parameter. 5. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts of this vulnerability. 6. Review and harden server configurations to minimize the impact of potential code execution, including running Qualitor with least privilege and isolating it from critical systems. 7. Educate IT and security teams about this vulnerability and ensure incident response plans are updated to handle potential exploitation scenarios.