CVE-2025-4049
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-07-22
Assigner: CERT.PL
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| signum-net | fara | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
SIGNUM-NET FARA ships with hard-coded SQLite credentials that are identical in every vulnerable installation. Because the credentials are embedded in the product rather than generated per install, anyone who recovers them once (for example by inspecting a single copy of the software) can use them against any other installation to read and manipulate the locally stored database. Note that stock SQLite has no user accounts of its own, so in practice the credential is a key or password protecting the database file; the advisory does not state which mechanism FARA uses. [1]
How can this vulnerability impact me?
An attacker who can reach the FARA database file can read and modify the locally stored data without any authorization the application itself grants. That means disclosure of whatever FARA keeps in the database, tampering with stored records, and loss of integrity and confidentiality of that information. Because the credentials are the same everywhere, recovering them from one installation is enough to attack every other unpatched installation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection comes down to two checks: confirm whether the installed FARA version is 5.0.80.34 or earlier, and confirm that the software carries a fixed SQLite credential. Since the credential is the same across installations, you can look for it in the program binaries and configuration files, or simply test how the local database file behaves. Approaches, none of which are prescribed by the advisory:
1) Search the binaries and configuration for credential-like strings, e.g. strings /path/to/fara_binary | grep -i password (also try key, passwd and pwd).
2) Inspect the database file header. A file that begins with "SQLite format 3" is an unencrypted SQLite database and opens with sqlite3 /path/to/database.db and no credential at all; any other header usually means an encrypted container, which a plain sqlite3 CLI cannot open and which an encryption-aware build such as SQLCipher unlocks with the key you found in step 1 (PRAGMA key).
3) Query the database once it is open to confirm that application data is readable, which demonstrates the unauthorized access path.
The resources do not give exact commands; the ones above are the usual first moves for a CWE-798 finding. [1]
What immediate steps should I take to mitigate this vulnerability?
Upgrade SIGNUM-NET FARA to a version later than 5.0.80.34, where the issue is fixed. Because the credential is compiled into the product, rotating it is not something an operator can do; only the vendor fix removes the hard-coded value, so the upgrade is the real remedy. Until it is applied: restrict filesystem access to the database file to the account that runs FARA (no group or world access), monitor that file for reads and writes by anything other than FARA, and limit who can log on to or reach the affected host, since the attack needs access to the local file. [1]
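The detection steps above (version check, credential-string search, database header inspection) and the permission restriction from the mitigation answer, combined into one script. This is an added example for this page, not code from SIGNUM-NET, CERT.PL or BaseFortify: the keyword list, the file paths taken by audit_install(), and all sample byte strings are constructed placeholders, and the only advisory-derived value is the 5.0.80.34 cutoff.

```python
"""Local checks for a hard-coded SQLite credential of the kind described in
CVE-2025-4049. Added example for this page, not SIGNUM-NET or CERT.PL code.

Assumptions (not from the advisory): the credential keyword list, the paths
passed to audit_install(), and every sample byte string below are constructed
placeholders. The only advisory-derived value is LAST_AFFECTED.
"""
import os
import re
import stat
from typing import Dict, List, Tuple

LAST_AFFECTED = (5, 0, 80, 34)           # advisory: affected "up to 5.0.80.34"
SQLITE_MAGIC = b"SQLite format 3\x00"    # 16-byte header of an unencrypted SQLite 3 file
# Keywords that tend to sit next to embedded secrets (assumed list, extend as needed).
CRED_KEYWORDS = re.compile(rb"(?i)password|passwd|pwd|pragma\s+key|sqlcipher|secret")


def parse_version(v: str) -> Tuple[int, ...]:
    """'5.0.80.34' -> (5, 0, 80, 34). Non-numeric components raise ValueError."""
    return tuple(int(p) for p in v.strip().split("."))


def is_affected_version(v: str) -> bool:
    """True when v <= 5.0.80.34, comparing component-wise (not as strings,
    so 5.0.80.9 < 5.0.80.34). Shorter versions are zero-padded."""
    parts = parse_version(v)
    n = max(len(parts), len(LAST_AFFECTED))
    return parts + (0,) * (n - len(parts)) <= LAST_AFFECTED + (0,) * (n - len(LAST_AFFECTED))


def sqlite_header_kind(data: bytes) -> str:
    """Classify a database file by its 16-byte header.
    Stock SQLite has no user accounts: a file with the plain header opens with
    `sqlite3 file.db` and no credential at all, so the hard-coded credential
    protects nothing at the file level. Any other header usually means an
    encrypted container whose key is what the hard-coded credential supplies."""
    return "plain-sqlite" if data[:16] == SQLITE_MAGIC else "not-plain-sqlite"


def extract_strings(data: bytes, min_len: int = 6) -> List[bytes]:
    """Runs of printable ASCII, like `strings -n 6`."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def find_credential_strings(data: bytes) -> List[str]:
    """Printable strings that look credential-related; the Python equivalent of
    `strings binary | grep -i password`, with a wider keyword list."""
    return [s.decode("ascii") for s in extract_strings(data) if CRED_KEYWORDS.search(s)]


def db_file_too_open(mode: int) -> bool:
    """True when group or other have any access to the database file, i.e. it
    is not restricted to the owning account as the mitigation advises."""
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def audit(version: str, binary: bytes, db_bytes: bytes, db_mode: int) -> Dict[str, object]:
    """Combine the checks into one report of plain values."""
    return {
        "affected_version": is_affected_version(version),
        "db_kind": sqlite_header_kind(db_bytes),
        "credential_strings": find_credential_strings(binary),
        "db_too_open": db_file_too_open(db_mode),
    }


def audit_install(version: str, binary_path: str, db_path: str) -> Dict[str, object]:
    """Same report built from real files on disk (paths supplied by the caller)."""
    with open(binary_path, "rb") as f:
        binary = f.read()
    with open(db_path, "rb") as f:
        header = f.read(16)
    return audit(version, binary, header, stat.S_IMODE(os.stat(db_path).st_mode))


# Constructed samples standing in for a FARA binary and database; the key and
# password values are placeholders, not the real hard-coded credential.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"PRAGMA key='EXAMPLE-NOT-THE-REAL-KEY';\x00"
    + b"SELECT * FROM users;\x00"
    + b"dbPassword=changeme123\x00"
)
SAMPLE_PLAIN_DB = SQLITE_MAGIC + b"\x10\x00" + b"\x00" * 98
SAMPLE_ENCRYPTED_DB = b"\x9a\x12\x88\x3e" * 25   # random-looking, no SQLite header

if __name__ == "__main__":
    for key, value in audit("5.0.80.34", SAMPLE_BINARY, SAMPLE_PLAIN_DB, 0o644).items():
        print(f"{key}: {value}")
```

On a real host, call audit_install() with the installed version string and the paths of the FARA executable and database; a report showing an affected version, a plain-sqlite header, credential-like strings in the binary and a world- or group-accessible file is the worst case, since the database then needs no credential at all to open.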