CVE-2025-13776
Received Received - Intake
Hard-Coded Credentials in Finka Software Allow Database Tampering

Publication date: 2026-02-24

Last updated on: 2026-02-26

Assigner: CERT.PL

Description
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-PΕ‚ace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13776
EUVD
EUVD-2025-208095
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
finka finka-faktura to 18.3 (exc)
finka finka-fk to 18.5 (exc)
finka finka-kpr to 16.6 (exc)
finka finka-magazyn to 8.3 (exc)
finka finka-place to 13.4 (exc)
finka finka-stw to 12.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves multiple Finka software programs that use hard-coded Firebird database credentials which are shared across all instances of the software.

A malicious attacker who is on the local network and knows these default credentials can gain unauthorized access to the database, allowing them to read and modify its content.

Impact Analysis

If exploited, this vulnerability allows an attacker on the local network to access and alter sensitive data stored in the database of affected Finka programs.

This can lead to data breaches, unauthorized data manipulation, and potential disruption of business operations that rely on the integrity and confidentiality of this data.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves multiple Finka programs using hard-coded Firebird database credentials that are shared across all instances. Detection would involve identifying instances of these Finka programs communicating over the network or accessing the Firebird database with default credentials.

Since the vulnerability is related to Firebird database access with default credentials, one way to detect it is to monitor network traffic for Firebird database connections and attempt to authenticate using the known default credentials.

  • Use network scanning tools (e.g., nmap) to detect Firebird database services (default port 3050). Example command: nmap -p 3050 --open <target-ip>
  • Attempt to connect to the Firebird database using command-line tools or database clients with the default hard-coded credentials to verify if access is possible.
  • Check running processes or installed software on systems for the presence of vulnerable Finka program versions before the fixed versions (Finka-FK before 18.5, Finka-KPR before 16.6, etc.).
Mitigation Strategies

The primary mitigation step is to upgrade all affected Finka programs to the fixed versions where this vulnerability has been addressed.

  • Upgrade Finka-FK to version 18.5 or later.
  • Upgrade Finka-KPR to version 16.6 or later.
  • Upgrade Finka-PΕ‚ace to version 13.4 or later.
  • Upgrade Finka-Faktura to version 18.3 or later.
  • Upgrade Finka-Magazyn to version 8.3 or later.
  • Upgrade Finka-STW to version 12.3 or later.

Additionally, restrict network access to Firebird database ports and monitor for unauthorized access attempts using default credentials.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13776. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart