CVE-2025-13792: Code Injection in Qualitor
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. Upgrading to version 8.20.105 and 8.24.98 addresses this issue. Upgrading the affected component is advised.
AI Analysis
Technical Summary
CVE-2025-13792 is a code injection vulnerability identified in Qualitor versions 8.20 and 8.24, specifically in the eval function located in the file /html/st/stdeslocamento/request/getResumo.php. The vulnerability arises from improper handling of the 'passageiros' parameter, which is passed directly to an eval statement without adequate sanitization or validation. This allows an unauthenticated remote attacker to inject arbitrary PHP code that the server executes, potentially leading to full system compromise. The vulnerability is remotely exploitable over the network without requiring any user interaction or privileges, making it highly accessible to attackers. The vendor was notified early but has not responded or released a patch, and exploit code has been publicly disclosed, increasing the risk of active exploitation. The CVSS 4.0 score of 6.9 reflects a medium severity, considering the network attack vector, lack of authentication, and the potential for partial impact on confidentiality, integrity, and availability. The vulnerability's exploitation could allow attackers to execute arbitrary commands, access sensitive data, modify system files, or disrupt services. Given the critical role Qualitor plays in IT service management and operations, exploitation could have cascading effects on business continuity and data security. The absence of vendor patches necessitates immediate mitigation efforts by affected organizations.
Potential Impact
For European organizations, the impact of CVE-2025-13792 could be significant, particularly for those relying on Qualitor versions 8.20 or 8.24 for IT service management and operational workflows. Successful exploitation can lead to unauthorized code execution, enabling attackers to steal sensitive information, alter or delete data, disrupt service availability, or establish persistent backdoors. This could affect confidentiality, integrity, and availability of critical systems. Organizations in sectors such as finance, healthcare, telecommunications, and government, where Qualitor is used to manage IT assets and services, may face operational disruptions and regulatory compliance issues. The public availability of exploit code increases the likelihood of opportunistic attacks, including ransomware or data exfiltration campaigns. The lack of vendor response and patches means organizations must rely on internal controls and compensating measures to reduce risk. Additionally, reputational damage and financial losses could result from breaches exploiting this vulnerability.
Mitigation Recommendations
1. Immediately audit and review all instances of the vulnerable Qualitor versions (8.20 and 8.24) within the environment.
2. Disable or remove the use of the eval function in /html/st/stdeslocamento/request/getResumo.php or apply strict input validation and sanitization on the 'passageiros' parameter to prevent code injection.
3. If source code modification is not feasible, implement web application firewall (WAF) rules to detect and block malicious payloads targeting this parameter.
4. Restrict network access to the affected Qualitor web interface to trusted IP addresses only, minimizing exposure to the internet.
5. Monitor logs and network traffic for unusual activity or signs of exploitation attempts, such as unexpected code execution or anomalous requests to the vulnerable endpoint.
6. Develop and test incident response plans specific to this vulnerability, including containment and recovery procedures.
7. Engage with Qualitor vendors or community forums for updates or unofficial patches and share threat intelligence with peers.
8. Consider deploying application-layer sandboxing or runtime application self-protection (RASP) tools to detect and prevent exploitation attempts in real time.
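One way to implement the log monitoring in item 5, using the same allowlist a WAF rule in item 3 would enforce, as an added example that is not part of the original advisory and not Qualitor's own code: a Python scanner over access-log lines in the common "combined" format. It isolates requests to the endpoint named in the advisory, pulls the 'passageiros' query parameter, and flags any value that does not match an expected shape. That expected shape (a comma-separated list of numeric IDs) is an assumption made here for illustration; the advisory does not describe the parameter's legitimate format, so tune the regex to real traffic before relying on it. The log lines are constructed samples, not real Qualitor traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the advisory and the parameter it passes to eval().
VULN_PATH = "/html/st/stdeslocamento/request/getResumo.php"
PARAM = "passageiros"

# Assumption (not from the advisory): a legitimate 'passageiros' value is a
# comma-separated list of numeric passenger IDs. Anything else is anomalous.
# An allowlist like this is also what a WAF rule for this parameter would check.
EXPECTED = re.compile(r"^\d+(,\d+)*$")

# Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def extract_param(target, name=PARAM):
    """Return the (percent-decoded) value of `name` from the request target, or None."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get(name)
    return values[0] if values else None


def classify(line):
    """Classify one access-log line.

    Returns None for lines that do not touch the vulnerable endpoint, otherwise a
    dict with source IP, timestamp, the parameter value and a verdict:
      'ok'         value matches the expected shape
      'missing'    endpoint hit without the parameter in the query string
                   (e.g. a POST body, which access logs do not record)
      'anomalous'  value does not match the expected shape; review or block
    """
    rec = parse_line(line)
    if rec is None or urlsplit(rec["target"]).path != VULN_PATH:
        return None
    value = extract_param(rec["target"])
    if value is None:
        verdict = "missing"
    elif EXPECTED.match(value):
        verdict = "ok"
    else:
        verdict = "anomalous"
    return {"ip": rec["ip"], "ts": rec["ts"], "method": rec["method"],
            "value": value, "verdict": verdict}


def scan(lines):
    """Return the classification of every line that hit the vulnerable endpoint."""
    return [r for r in (classify(l) for l in lines) if r is not None]


# Constructed sample log lines (not real Qualitor traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Nov/2025:16:15:50 +0000] "GET /html/st/stdeslocamento/request/getResumo.php?passageiros=12,34 HTTP/1.1" 200 512',
    '10.0.0.5 - - [30/Nov/2025:16:16:02 +0000] "GET /html/index.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [30/Nov/2025:16:17:10 +0000] "GET /html/st/stdeslocamento/request/getResumo.php?passageiros=12%2Cabc HTTP/1.1" 200 300',
    '203.0.113.7 - - [30/Nov/2025:16:17:11 +0000] "POST /html/st/stdeslocamento/request/getResumo.php HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(r["verdict"].upper(), r["ip"], r["ts"], r["method"], repr(r["value"]))
```

Because POST bodies are not in standard access logs, a 'missing' verdict on a POST to this endpoint is not proof of a clean request; pair this with a WAF or application-level log that records the body, and treat any 'anomalous' hit as a trigger for the incident response procedure in item 6.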
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-29T20:36:29.802Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 692c6db6979ac8a99b76f716
Added to database: 11/30/2025, 4:15:50 PM
Last enriched: 11/30/2025, 4:30:58 PM
Last updated: 12/4/2025, 8:49:53 PM
Views: 101