CVE-2025-3321
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-06
Assigner: B. Braun SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a predefined administrative account on a server that is not documented and cannot be deactivated. Although this account cannot be accessed or misused remotely over the network, it can be exploited by local users who have physical or local access to the server.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing local users on the server to misuse an undocumented administrative account that cannot be disabled. This could lead to unauthorized local access with high privileges, potentially compromising the server's security and integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a predefined administrative account that cannot be deactivated and is only exploitable by local users on the server, not over the network. Therefore, network detection methods are not applicable. Since no specific detection commands or technical details are provided in the resources, no exact commands can be suggested to detect this account.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability cannot be exploited remotely and only affects local users due to an undeactivatable predefined administrative account. No specific mitigation steps or workarounds are provided in the available resources. General best practice would be to restrict local access to trusted personnel only and monitor local user activities, but no official guidance is available from the provided information.