exploitDog

CVE-2025-13768

Опубликовано: 28 нояб. 2025

Источник: nvd

CVSS3: 7.5

CVSS3: 8.8

EPSS Низкий

Описание

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.

Ссылки

https://www.twcert.org.tw/en/cp-139-10539-21f45-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-10538-6a26d-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uniong:webitr:*:*:*:*:*:*:*:*

Версия до 2_1_0_34 (исключая)

EPSS

Процентиль: 48%

0.00252

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-7w7v-v6f9-93rj

CVSS3: 7.5

github

2 месяца назад

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.

EPSS

Процентиль: 48%

0.00252

Низкий

7.5 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-639