CVE-2025-4320 | THREATINT

Description

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2025-05-05 | Published 2026-01-23 | Updated 2026-01-23 | Assigner TR-CERT

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-305 Authentication Bypass by Primary Weakness

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

Product status

Default status

affected

Any version

affected

Credits

Hüseyin ÜZÜM finder

References

www.usom.gov.tr/bildirim/tr-26-0005

cve.org (CVE-2025-4320)

nvd.nist.gov (CVE-2025-4320)

Download JSON