CVE-2025-13776
Hard-Coded Credentials in Finka Software Allow Database Tampering
Publication date: 2026-02-24
Last updated on: 2026-02-26
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| finka | finka-faktura | to 18.3 (exc) |
| finka | finka-fk | to 18.5 (exc) |
| finka | finka-kpr | to 16.6 (exc) |
| finka | finka-magazyn | to 8.3 (exc) |
| finka | finka-place | to 13.4 (exc) |
| finka | finka-stw | to 12.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple Finka software programs that use hard-coded Firebird database credentials which are shared across all instances of the software.
A malicious attacker who is on the local network and knows these default credentials can gain unauthorized access to the database, allowing them to read and modify its content.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker on the local network to access and alter sensitive data stored in the database of affected Finka programs.
This can lead to data breaches, unauthorized data manipulation, and potential disruption of business operations that rely on the integrity and confidentiality of this data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves multiple Finka programs using hard-coded Firebird database credentials that are shared across all instances. Detection would involve identifying instances of these Finka programs communicating over the network or accessing the Firebird database with default credentials.
Since the vulnerability is related to Firebird database access with default credentials, one way to detect it is to monitor network traffic for Firebird database connections and attempt to authenticate using the known default credentials.
- Use network scanning tools (e.g., nmap) to detect Firebird database services (default port 3050). Example command: nmap -p 3050 --open <target-ip>
- Attempt to connect to the Firebird database using command-line tools or database clients with the default hard-coded credentials to verify if access is possible.
- Check running processes or installed software on systems for the presence of vulnerable Finka program versions before the fixed versions (Finka-FK before 18.5, Finka-KPR before 16.6, etc.).
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade all affected Finka programs to the fixed versions where this vulnerability has been addressed.
- Upgrade Finka-FK to version 18.5 or later.
- Upgrade Finka-KPR to version 16.6 or later.
- Upgrade Finka-PΕace to version 13.4 or later.
- Upgrade Finka-Faktura to version 18.3 or later.
- Upgrade Finka-Magazyn to version 8.3 or later.
- Upgrade Finka-STW to version 12.3 or later.
Additionally, restrict network access to Firebird database ports and monitor for unauthorized access attempts using default credentials.