{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3920", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2025-04-24T12:25:08.415Z", "datePublished": "2025-07-07T08:21:54.231Z", "dateUpdated": "2025-07-07T17:50:28.306Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SUR-FBD CMMS", "vendor": "SUR-FBD CMMS", "versions": [{"lessThan": "2025.03.27", "status": "affected", "version": "0", "versionType": "date"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Thomas Hayen (Easi)"}], "datePublic": "2025-07-07T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions. This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software."}], "value": "A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions.\u00a0This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-259", "description": "CWE-259 Use of Hard-coded Password", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-07-07T08:21:54.231Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2025/07/CVE-2025-3920/"}], "source": {"discovery": "EXTERNAL"}, "title": "Hard-coded Password in SUR-FBD CMMS", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-07T17:46:22.395207Z", "id": "CVE-2025-3920", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T17:50:28.306Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3920", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-07T17:46:22.395207Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T17:50:24.068Z"}}], "cna": {"title": "Hard-coded Password in SUR-FBD CMMS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Thomas Hayen (Easi)"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SUR-FBD CMMS", "product": "SUR-FBD CMMS", "versions": [{"status": "affected", "version": "0", "lessThan": "2025.03.27", "versionType": "date"}], "defaultStatus": "unaffected"}], "datePublic": "2025-07-07T08:00:00.000Z", "references": [{"url": "https://cert.pl/en/posts/2025/07/CVE-2025-3920/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions.\u00a0This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions. This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "CWE-259 Use of Hard-coded Password"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-07-07T08:21:54.231Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3920", "state": "PUBLISHED", "dateUpdated": "2025-07-07T17:50:28.306Z", "dateReserved": "2025-04-24T12:25:08.415Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2025-07-07T08:21:54.231Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions.\u00a0This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en SUR-FBD CMMS donde se encontraron credenciales codificadas dentro de un archivo DLL compilado. Estas credenciales corresponden a una cuenta administrativa integrada del software. Un atacante con acceso local al sistema o al directorio de instalaci\u00f3n de la aplicaci\u00f3n podr\u00eda extraer estas credenciales, lo que podr\u00eda comprometer completamente las funciones administrativas de la aplicaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 2025.03.27 del software SUR-FBD CMMS."}], "id": "CVE-2025-3920", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2025-07-07T09:15:26.587", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2025/07/CVE-2025-3920/"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}], "source": "cvd@cert.pl", "type": "Secondary"}]}

{}

{}