Report an incident
Back
  • About us
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy Bezpieczny telefon
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerability in Ysoft SafeQ 6 software
14 January 2026 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2025-13175
Publication date 14 January 2026
Vendor YSoft
Product SafeQ 6
Vulnerable versions All before MU106
Vulnerability type (CWE) Missing Password Field Masking (CWE-549)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerability in YSoft SafeQ 6 software and participated in coordination of its disclosure.

The vulnerability CVE-2025-13175: Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected Workflow Connector. This issue affects Y Soft SafeQ 6 in versions before MU106.

Credits

We thank Hubert Decyusz and Karol Mazurek from AFINE Team for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.