CVE-2025-4319 CRITICAL

CVE-2025-4319: Improper Access Control in Birebirsoft's Sufirmam

Vendor: Birebirsoft Software And Technology Solutions
Product: Sufirmam
Weakness: CWE-307 · Brute force
Published: January 23, 2026
Last update: June 5, 2026

CVSS base score

9.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

What the vulnerability does

01 Description

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02 Disclosure timeline

January 23, 2026: CVE published
June 5, 2026: Record updated