CVE-2025-13768HIGH 8.8EPSS p26.9%

CVE-2025-13768CVE-2025-13768

Description

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.35% probability of exploitation · percentile 26.9% · 2026-06-19T12:03:05Z
Published2025-11-28
Last modified2025-12-01

Underlying weaknesses· 1

CWE-639

References

  1. https://www.twcert.org.tw/en/cp-139-10539-21f45-2.html
  2. https://www.twcert.org.tw/tw/cp-132-10538-6a26d-1.html

1

TypeTargetConfidenceTier
WeaknessAuthorization Bypass Through User-Controlled Keycwe-6390%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-9254
CVE
CVE-2025-45607
CVE
CVE-2025-41648
CVE
CVE-2025-64236
CVE
CVE-2025-41663
CVE
CVE-2025-1393
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.