CVE-2025-13221

CVE Database · CVE-2025-13221

CVE-2025-13221

· MEDIUMDeferred

CVSS v3.1

5.3

CVSS v4.0

5.5

EPSS

0.31%

Published

Nov 15, 2025

Modified

Apr 14, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-255CWE-256

References (4)

https://vuldb.com/?ctiid.332537

https://vuldb.com/?id.332537

https://vuldb.com/?submit.685825

https://www.notion.so/eldruin/Intelbras-UnniTI-Plaintext-Admin-Credentials-Disclosure-29c27474cccb8008b2d7ea60affdf86e?source=copy_link

KEV Catalog EPSS Scores Vendors All CVEs