CVE-2025-4320 · CRITICAL 10.0 · EPSS p36.4%

Description

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.46% probability of exploitation · percentile 36.4% · 2026-06-18T12:00:27Z
Published: 2026-01-23
Last modified: 2026-06-05

Underlying weaknesses · 2

CWE-305, CWE-640

References

  1. https://www.usom.gov.tr/bildirim/tr-26-0005

| Type | Target | ID | Confidence | Tier |
|---|---|---|---|---|
| Weakness | Authentication Bypass by Primary Weakness | cwe-305 | 0% | live |
| Weakness | Weak Password Recovery Mechanism for Forgotten Password | cwe-640 | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-4319
  2. CVE-2025-10463
  3. CVE-2025-2413
  4. CVE-2025-2301
  5. CVE-2025-10855
  6. CVE-2025-1031

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.