CVE-2025-11949
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-21
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| digiwin | easyflow_ainet | 8.1.1 |
| digiwin | easyflow.net | 6.6.19 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authentication issue in EasyFlow .NET and EasyFlow AiNet by Digiwin. It allows unauthenticated remote attackers to access a specific functionality that lets them obtain database administrator credentials without needing to log in.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain database administrator credentials remotely without authentication. This can lead to unauthorized access to sensitive data, potential data breaches, and compromise of the entire database system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can negatively impact compliance with standards like GDPR and HIPAA because unauthorized access to database administrator credentials can lead to exposure of personal and sensitive data, violating data protection and privacy requirements.