CVE-2026-25607 PUBLISHED

Weak password encoding in STER

Assigner: CERT-PL
Reserved: 03.02.2026 Published: 22.05.2026 Updated: 22.05.2026

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded.

This issue was fixed in version 9.5.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 5.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	High	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy
Product	STER
Versions	Default: unaffected affected from 0 to 9.5 (excl.)

CVE-2026-25607 PUBLISHED

Weak password encoding in STER

Metrics

Product Status

Credits

References

Problem Types