CVE-2025-4319 PUBLISHED

Improper Access Control in Birebirsoft's Sufirmam

Assigner: TR-CERT
Reserved: 05.05.2025 Published: 23.01.2026 Updated: 23.01.2026

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CVSS Score: 9.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Birebirsoft Software and Technology Solutions
Product	Sufirmam
Versions	Default: affected affected from 0 to 23012026 (incl.)

Credits

Hüseyin ÜZÜM finder

References

https://www.usom.gov.tr/bildirim/tr-26-0005

Problem Types

CWE-307 Improper Restriction of Excessive Authentication Attempts CWE
CWE-640 Weak Password Recovery Mechanism for Forgotten Password CWE

Impacts

CAPEC-112 Brute Force
CAPEC-50 Password Recovery Exploitation