Vulnerability Details CVE-2025-13776
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content.
This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.3%
CVSS Severity
CVSS v3 Score 7.1
Products affected by CVE-2025-13776
-
cpe:2.3:a:finka:finka-faktura:*
-
cpe:2.3:a:finka:finka-fk:*
-
cpe:2.3:a:finka:finka-kpr:*
-
cpe:2.3:a:finka:finka-magazyn:*
-
cpe:2.3:a:finka:finka-place:*
-
cpe:2.3:a:finka:finka-stw:*