CVE-2026-25607
5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded.
This issue was fixed in version 9.5.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy | STER | 0 < 9.5 | affected |
Weaknesses
- CWE-261: CWE-261 Weak Encoding for Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://cert.pl/posts/2026/05/CVE-2026-25606
- https://www.ciop.pl/CIOPPortalWAR/appmanager/ciop/pl?_nfpb=true&_pageLabel=P52000165211572544981480
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.