CVE-2025-3920

A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions. This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/en/posts/2025/07/CVE-2025-3920/

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) Se identificó una vulnerabilidad en SUR-FBD CMMS donde se encontraron credenciales codificadas dentro de un archivo DLL compilado. Estas credenciales corresponden a una cuenta administrativa integrada del software. Un atacante con acceso local al sistema o al directorio de instalación de la aplicación podría extraer estas credenciales, lo que podría comprometer completamente las funciones administrativas de la aplicación. Este problema se solucionó en la versión 2025.03.27 del software SUR-FBD CMMS.

07 Jul 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 09:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-3920

Mitre link : CVE-2025-3920

CVE.ORG link : CVE-2025-3920

JSON object : View

Products Affected

No product.

CWE

CWE-259

Use of Hard-coded Password

{"id": "CVE-2025-3920", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-07T09:15:26.587", "references": [{"url": "https://cert.pl/en/posts/2025/07/CVE-2025-3920/", "source": "cvd@cert.pl"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-259"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions.\u00a0This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en SUR-FBD CMMS donde se encontraron credenciales codificadas dentro de un archivo DLL compilado. Estas credenciales corresponden a una cuenta administrativa integrada del software. Un atacante con acceso local al sistema o al directorio de instalaci\u00f3n de la aplicaci\u00f3n podr\u00eda extraer estas credenciales, lo que podr\u00eda comprometer completamente las funciones administrativas de la aplicaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 2025.03.27 del software SUR-FBD CMMS."}], "lastModified": "2025-07-08T16:18:34.923", "sourceIdentifier": "cvd@cert.pl"}