CVE-2025-3920
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-07

Last updated on: 2025-07-08

Assigner: CERT.PL

Description
A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions.Β This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-07
Last Modified
2025-07-08
Generated
2026-05-07
AI Q&A
2025-07-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-3920
EUVD
EUVD-2025-20198
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-259 The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in SUR-FBD CMMS involves hard-coded credentials embedded within a compiled DLL file. These credentials belong to a built-in administrative account. An attacker with local access to the system or the application's installation directory can extract these credentials, potentially gaining full administrative control over the application. [1]


How can this vulnerability impact me? :

If exploited, this vulnerability can lead to a complete compromise of the application's administrative functions, allowing an attacker to control the application fully. This could result in unauthorized access, manipulation, or disruption of the system managed by SUR-FBD CMMS. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for the presence of the vulnerable SUR-FBD CMMS software versions up to 2025.03.27 and by inspecting the compiled DLL files within the application's installation directory for hard-coded credentials. Since the credentials are embedded in a DLL file, one approach is to extract strings from the DLL files to identify hard-coded passwords or administrative account details. For example, on a system with the software installed, you can use commands like 'strings <path_to_dll> | grep -i password' or 'strings <path_to_dll> | grep -i admin' to search for embedded credentials. Additionally, verifying the software version installed can help determine if the system is vulnerable. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the SUR-FBD CMMS software to version 2025.03.27 or later, where the vulnerability has been fixed. Until the upgrade can be performed, restrict local access to the system and the application's installation directory to trusted users only, to prevent attackers from extracting the hard-coded credentials from the DLL files. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart