CVE-2025-4320
10.0 CRITICAL
Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software ...
Published: 2026-01-23 · Last updated: 2026-06-05
Severity and scoring
- CVSS: 10.0 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CWE: CWE-305, CWE-640
Description
Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-45013 — ApostropheCMS is an open-source Node.js content management system (8.1 HIGH)
- CVE-2026-12066 — A security flaw has been discovered in PbootCMS up to 3.2.12 (7.3 HIGH)
- CVE-2025-7064 — Authentication bypass by primary weakness vulnerability in ABB Freelance (6.6 MEDIUM)
- CVE-2026-50635 — LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it (8.8 HIGH)
- CVE-2026-25555 — OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows un... (9.8 CRITICAL)