CVE-2025-13175
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: CERT.PL
Description
Description
Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools.Β The affected customers are only those with a password-protected scan workflow connector.
This issue affects Y Soft SafeQ 6 in versions before MU106.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| y_soft | safeq | to MU106 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-549 | The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70