CRITICAL🇵🇱 Wersja polska

CVE-2025-4320

CVSS 10.0v3.1pub. 2026-01-23upd. 2026-06-05

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Analysis
How it works

The vulnerability results from two related weaknesses (CWE-305, CWE-640): improper implementation of basic authentication mechanism and ineffective password recovery process. An attacker can bypass identity verification without knowing the correct login credentials, and then or alternatively exploit the defective password reset mechanism to take over the account. Both techniques can be applied together or independently.

Impact

A remote, unauthenticated attacker can gain full system access, threatening the confidentiality, integrity, and availability of data — the CVSS vector includes maximum scores across all three categories.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Note: the manufacturer did not respond to the vulnerability disclosure prior to its publication. If no update is available, it is recommended to isolate the system from the public network, restrict access exclusively to trusted IP addresses, and implement additional authentication mechanisms (e.g., reverse proxy with authentication requirements).

Who is affected

Sufirmam by Birebirsoft Software and Technology Solutions — all versions up to and including 23012026.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References