{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T17:00:41.927","vulnerabilities":[{"cve":{"id":"CVE-2025-13776","sourceIdentifier":"cvd@cert.pl","published":"2026-02-24T17:29:02.023","lastModified":"2026-02-26T19:38:41.043","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content.\n\nThis vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3"},{"lang":"es","value":"Múltiples programas Finka usan credenciales de la base de datos Firebird almacenadas en el código (compartidas entre todas las instancias de este software). Un atacante malicioso en la red local que conozca las credenciales predeterminadas es capaz de leer y editar el contenido de la base de datos.\n\nEsta vulnerabilidad ha sido corregida en la versión: Finka-FK 18.5, Finka-KPR 16.6, Finka-P?ace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3"}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:finka:finka-faktura:*:*:*:*:*:*:*:*","versionEndExcluding":"18.3","matchCriteriaId":"FF2B0BEA-3304-43D2-8853-3D9AAAD1DC96"},{"vulnerable":true,"criteria":"cpe:2.3:a:finka:finka-fk:*:*:*:*:*:*:*:*","versionEndExcluding":"18.5","matchCriteriaId":"F5187EEB-FFBD-4124-97F1-972FE4084EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:finka:finka-kpr:*:*:*:*:*:*:*:*","versionEndExcluding":"16.6","matchCriteriaId":"DA490D51-95A8-43C6-83CD-81712060E248"},{"vulnerable":true,"criteria":"cpe:2.3:a:finka:finka-magazyn:*:*:*:*:*:*:*:*","versionEndExcluding":"8.3","matchCriteriaId":"FEB36851-86B8-4C87-B9D7-AC546067E63C"},{"vulnerable":true,"criteria":"cpe:2.3:a:finka:finka-place:*:*:*:*:*:*:*:*","versionEndExcluding":"13.4","matchCriteriaId":"0931342A-0EB3-4A5B-8BF7-6127EB63B92B"},{"vulnerable":true,"criteria":"cpe:2.3:a:finka:finka-stw:*:*:*:*:*:*:*:*","versionEndExcluding":"12.3","matchCriteriaId":"2A18E827-0BDD-4384-98BC-C5C3F21BECBE"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2026/01/CVE-2025-13776","source":"cvd@cert.pl","tags":["Broken Link"]},{"url":"https://finka.pl/","source":"cvd@cert.pl","tags":["Product"]}]}}]}