CVE-2025-7344
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-07-22
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| digiwin | eai | 2.5.1 |
| digiwin | eai | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-648 | The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7344 is a high-severity privilege escalation vulnerability in Digiwin's EAI software (version 2.5.1 build 0161 and earlier). It allows a remote attacker who already has regular user privileges to exploit a specific API and elevate their privileges to administrator level without user interaction. The attack is network-based, requires low complexity, and low privileges to execute. [1, 3]
How can this vulnerability impact me? :
This vulnerability can significantly impact your system's security by allowing an attacker with regular user access to gain administrator privileges. This can lead to unauthorized access to sensitive data, modification or deletion of critical information, and disruption of system availability. The confidentiality, integrity, and availability of the affected system are all at high risk. [1, 3, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should update the Digiwin EAI software to version 2.3.2 build 0115 or later and apply patch KB202504001. Until the patch is applied, restrict access to the EAI website by limiting external network access and controlling internal IP access to reduce risk. [1, 2, 3]