CVE Alert: CVE-2025-11949 – Digiwin – EasyFlow .NET

CVE-2025-11949

HIGH · No exploitation known

EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.

CVSS v3.1 (7.5)
AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED
Vendor
Digiwin
Product
EasyFlow .NET, EasyFlow AiNet
Versions
EasyFlow .NET: 0 up to and including 6.6.19 | EasyFlow AiNet: 0 up to and including 8.1.1
CWE
CWE-306 Missing Authentication for Critical Function
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published
2025-10-21T06:49:56.119Z
Updated
2025-10-21T06:49:56.119Z

AI Summary Analysis

**Risk verdict** High – unauthenticated remote access to EasyFlow components could yield database administrator credentials; no exploitation state is indicated in the data, so urgency depends on active use in your environment.

**Why this matters** This vulnerability enables credential exposure without user interaction or privileges, risking immediate, high-impact access to the DB. With CVSS indicating network access and high confidentiality impact, a successful exploit could lead to data theft, alteration, or disruption across enterprise workflows. Patch availability exists, so timely remediation is essential to prevent exploitation.

**Most likely attack path** An attacker can reach the vulnerable functionality over the network without credentials and without user interaction. Successful exploitation grants access to database administrator credentials, enabling rapid lateral movement or full control within the affected scope.

**Who is most exposed** Organisations running EasyFlow.NET or EasyFlow AiNet in on‑premises or cloud-facing deployments with exposed admin endpoints, particularly in ERP/automation environments handling sensitive data.

Detection ideas

  • Unauthorised or unusual calls to the vulnerable function from external networks.
  • Attempts to obtain or exfiltrate database administrator credentials evidenced in application logs.
  • Sudden admin-level sessions or configuration changes post-access.
  • Anomalous data exports or privilege escalations tied to the affected components.
  • Patch installation records that do not match the fixed builds or the 20250520 patch, indicating hosts that remain on affected versions.

Mitigation and prioritisation

  • Apply patches: update to 6.6.19 (EasyFlow.NET) and 8.1.1 (EasyFlow AiNet) and apply the 20250520 patch.
  • If patching is delayed, enforce network access controls and IP allowlists, and disable unauthenticated endpoints where feasible.
  • Rotate credentials for DB admins and enforce least privilege; segment the affected systems.
  • Monitor for credential access anomalies and implement targeted IDS/IPS rules around the vulnerable endpoints.
  • If KEV is true or EPSS ≥ 0.5, treat as priority 1; otherwise maintain high-priority remediation.
