CVE-2025-13187: Intelbras ICIP Exposed! Plaintext Credentials Vulnerability

Overview

CVE-2025-13187 is a medium-severity security vulnerability affecting Intelbras ICIP version 2.0.20. This vulnerability allows for the unprotected storage of user credentials, specifically the username and password. A remote attacker can potentially exploit this flaw to gain unauthorized access to the system.

The exploit has been publicly disclosed, making it crucial for users of affected Intelbras ICIP devices to take immediate action to mitigate the risk.

Technical Details

The vulnerability exists within the /xml/sistema/acessodeusuario.xml file. By manipulating the NomeUsuario and SenhaAcess arguments, an attacker can cause the system to store user credentials in plaintext, rather than using proper encryption or hashing mechanisms.

This lack of secure storage makes the credentials easily accessible to anyone who can gain access to the affected file or database. Because the vulnerability is remotely exploitable, an attacker does not need physical access to the device.

CVSS Analysis

  • Severity: MEDIUM
  • CVSS Score: 5.3

A CVSS score of 5.3 indicates a medium-severity vulnerability. While not immediately critical, the ease of exploitation and potential impact warrant prompt attention. The fact that the exploit is publicly available raises the risk level.

Possible Impact

Successful exploitation of CVE-2025-13187 could have significant consequences, including:

  • Unauthorized Access: Attackers can gain full access to the Intelbras ICIP system using the compromised credentials.
  • Data Breach: Sensitive data stored on the system could be exposed.
  • System Compromise: The attacker could modify system configurations, install malware, or use the compromised system as a foothold for further attacks on the network.
  • Reputation Damage: The organization using the vulnerable system could suffer reputational damage due to the data breach.

Mitigation or Patch Steps

Unfortunately, specific patch information is not available at the time of writing. However, the following steps are recommended to mitigate the risk:

  1. Check for Updates: Regularly check the Intelbras support website for any available firmware updates for your ICIP device. Apply any updates promptly.
  2. Restrict Access: Limit network access to the ICIP device as much as possible. Ensure that only authorized users can access the system.
  3. Strong Passwords: Enforce strong password policies for all user accounts on the ICIP device.
  4. Network Segmentation: Segment your network to isolate the ICIP device from other critical systems.
  5. Monitor Network Traffic: Monitor network traffic to and from the ICIP device for any suspicious activity.
  6. Contact Intelbras Support: Reach out to Intelbras support for direct assistance and information about available patches or workarounds.
  7. Disable Remote Access (If Possible): If remote access is not required, disable it to reduce the attack surface.
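
For step 5, one way to review traffic logs is sketched here as an added example; it is not code from Intelbras or from the original post. It flags requests for the file named under Technical Details that come from outside an allowlisted management subnet. The log format (Common Log Format from a proxy or gateway in front of the device), the subnet, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Path named in the Technical Details section of this advisory.
SENSITIVE_PATH = "/xml/sistema/acessodeusuario.xml"

# Assumption: management hosts live in this subnet (constructed value).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Assumption: Common Log Format lines from a proxy or gateway in front
# of the device. All lines below are constructed sample data.
SAMPLE_LOG = """\
10.20.0.5 - - [12/Nov/2025:09:14:02 +0000] "GET /xml/sistema/acessodeusuario.xml HTTP/1.1" 200 412
10.20.0.5 - - [12/Nov/2025:09:14:09 +0000] "GET /index.html HTTP/1.1" 200 1830
192.0.2.44 - - [12/Nov/2025:11:37:51 +0000] "GET /xml/sistema/acessodeusuario.xml HTTP/1.1" 200 412
192.0.2.44 - - [12/Nov/2025:11:37:53 +0000] "GET /XML/sistema/acessodeusuario.xml?x=1 HTTP/1.1" 200 412
198.51.100.7 - - [12/Nov/2025:12:01:10 +0000] "GET /xml/sistema/acessodeusuario.xml HTTP/1.1" 403 0
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in ALLOWED_NETS)

def find_suspicious(log_text):
    """Map each non-allowlisted source to its (timestamp, status) hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Compare on the path only, case-insensitively, ignoring the query.
        path = m["target"].split("?", 1)[0].lower()
        if path == SENSITIVE_PATH and not is_allowed(m["src"]):
            hits[m["src"]].append((m["ts"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for src, events in find_suspicious(SAMPLE_LOG).items():
        print(f"{src}: {events}")
```

Requests answered with status 200 deserve priority, since the file was actually served to a host outside the management subnet.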

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
