CVE-2025-4320 CRITICAL

CVE-2025-4320: Information Disclosure in Birebirsoft's Sufirmam

Vendor: Birebirsoft Software And Technology Solutions
Product: Sufirmam
Weakness: CWE-305
Published: January 23, 2026
Last update: June 5, 2026

CVSS base score

10.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02 Disclosure timeline

January 23, 2026: CVE published
June 5, 2026: Record updated