Vulnerability-Lookup

FKIE_CVE-2025-13776

Vulnerability from fkie_nvd - Published: 2026-02-24 17:29 - Updated: 2026-02-26 19:38

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3

References

	URL	Tags
	cvd@cert.pl	https://cert.pl/en/posts/2026/01/CVE-2025-13776	Broken Link
	cvd@cert.pl	https://finka.pl/	Product

Impacted products

Vendor	Product	Version
finka	finka-faktura	*
finka	finka-fk	*
finka	finka-kpr	*
finka	finka-magazyn	*
finka	finka-place	*
finka	finka-stw	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:finka:finka-faktura:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B0BEA-3304-43D2-8853-3D9AAAD1DC96",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:finka:finka-fk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5187EEB-FFBD-4124-97F1-972FE4084EBA",
              "versionEndExcluding": "18.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:finka:finka-kpr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA490D51-95A8-43C6-83CD-81712060E248",
              "versionEndExcluding": "16.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:finka:finka-magazyn:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEB36851-86B8-4C87-B9D7-AC546067E63C",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:finka:finka-place:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0931342A-0EB3-4A5B-8BF7-6127EB63B92B",
              "versionEndExcluding": "13.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:finka:finka-stw:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A18E827-0BDD-4384-98BC-C5C3F21BECBE",
              "versionEndExcluding": "12.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content.\n\nThis vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-P\u0142ace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3"
    },
    {
      "lang": "es",
      "value": "M\u00faltiples programas Finka usan credenciales de la base de datos Firebird almacenadas en el c\u00f3digo (compartidas entre todas las instancias de este software). Un atacante malicioso en la red local que conozca las credenciales predeterminadas es capaz de leer y editar el contenido de la base de datos.\n\nEsta vulnerabilidad ha sido corregida en la versi\u00f3n: Finka-FK 18.5, Finka-KPR 16.6, Finka-P?ace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3"
    }
  ],
  "id": "CVE-2025-13776",
  "lastModified": "2026-02-26T19:38:41.043",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cvd@cert.pl",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-24T17:29:02.023",
  "references": [
    {
      "source": "cvd@cert.pl",
      "tags": [
        "Broken Link"
      ],
      "url": "https://cert.pl/en/posts/2026/01/CVE-2025-13776"
    },
    {
      "source": "cvd@cert.pl",
      "tags": [
        "Product"
      ],
      "url": "https://finka.pl/"
    }
  ],
  "sourceIdentifier": "cvd@cert.pl",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "cvd@cert.pl",
      "type": "Primary"
    }
  ]
}

CVE-2025-13776 (GCVE-0-2025-13776)

Vulnerability from cvelistv5 – Published: 2026-02-24 15:58 – Updated: 2026-02-26 19:49

Title

Hard-coded database credentials in Finka software

Summary

Severity ?

8.6 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-798 - Use of Hard-coded Credentials

Assigner

CERT-PL

References

URL

Tags

	https://cert.pl/en/posts/2026/01/CVE-2025-13776	third-party-advisory
	https://finka.pl/	product

Impacted products

Vendor

Product

Version

TIK-SOFT

Finka-FK

Affected: 0 , < 18.5 (semver)

TIK-SOFT	Finka-KPR	Affected: 0 , < 16.6 (semver)
TIK-SOFT	Finka-Płace	Affected: 0 , < 13.4 (semver)
TIK-SOFT	Finka-Faktura	Affected: 0 , < 18.3 (semver)
TIK-SOFT	Finka-Magazyn	Affected: 0 , < 8.3 (semver)
TIK-SOFT	Finka-STW	Affected: 0 , < 12.3 (semver)

Credits

Wojciech Żebrowski (Wern128)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13776",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T19:49:30.841990Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:49:53.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Finka-FK",
          "vendor": "TIK-SOFT",
          "versions": [
            {
              "lessThan": "18.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Finka-KPR",
          "vendor": "TIK-SOFT",
          "versions": [
            {
              "lessThan": "16.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Finka-P\u0142ace",
          "vendor": "TIK-SOFT",
          "versions": [
            {
              "lessThan": "13.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Finka-Faktura",
          "vendor": "TIK-SOFT",
          "versions": [
            {
              "lessThan": "18.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Finka-Magazyn",
          "vendor": "TIK-SOFT",
          "versions": [
            {
              "lessThan": "8.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Finka-STW",
          "vendor": "TIK-SOFT",
          "versions": [
            {
              "lessThan": "12.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Wojciech \u017bebrowski (Wern128)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content.\u003cbr\u003e\u003cbr\u003eThis vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-P\u0142ace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3\u003cbr\u003e"
            }
          ],
          "value": "Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content.\n\nThis vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-P\u0142ace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T15:58:30.096Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2026/01/CVE-2025-13776"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://finka.pl/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Hard-coded database credentials in Finka software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2025-13776",
    "datePublished": "2026-02-24T15:58:30.096Z",
    "dateReserved": "2025-11-28T12:37:10.698Z",
    "dateUpdated": "2026-02-26T19:49:53.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-13776

CVE-2025-13776 (GCVE-0-2025-13776)

Tags

Sightings

Nomenclature