CVE-2025-4320 PUBLISHED

Information Disclosure in Birebirsoft's Sufirmam

Assigner: TR-CERT
Reserved: 05.05.2025 Published: 23.01.2026 Updated: 23.01.2026

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 10

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Birebirsoft Software and Technology Solutions
Product	Sufirmam
Versions	Default: affected affected from 0 to 23012026 (incl.)

Credits

Hüseyin ÜZÜM finder

References

https://www.usom.gov.tr/bildirim/tr-26-0005

Problem Types

CWE-305 Authentication Bypass by Primary Weakness CWE
CWE-640 Weak Password Recovery Mechanism for Forgotten Password CWE

Impacts

CAPEC-115 Authentication Bypass
CAPEC-50 Password Recovery Exploitation