CVE-2025-4319
Brute Force and Weak Password Recovery in Sufirmam Software
Publication date: 2026-01-23
Last updated on: 2026-01-23
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| birebirsoft | sufirmam | to 23012026 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-640 | The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Birebirsoft Software and Technology Solutions Sufirmam involves improper restriction of excessive authentication attempts and a weak password recovery mechanism. It allows attackers to perform brute force attacks and exploit the password recovery process to gain unauthorized access.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to user accounts due to brute force attacks and exploitation of the password recovery mechanism. This can result in data breaches, loss of confidentiality, integrity, and availability of the affected system.