CVE-2025-13776

Summary

Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content.

This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3

Affected Software

VendorProductVersion RangeStatus
TIK-SOFTFinka-FK0 < 18.5affected
TIK-SOFTFinka-KPR0 < 16.6affected
TIK-SOFTFinka-Płace0 < 13.4affected
TIK-SOFTFinka-Faktura0 < 18.3affected
TIK-SOFTFinka-Magazyn0 < 8.3affected
TIK-SOFTFinka-STW0 < 12.3affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References