CVE-2026-25607 MEDIUM

CVE-2026-25607: Weak password encoding in STER

Vendor Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy
Product STER
Weakness CWE-261
Published May 22, 2026
Last update May 22, 2026

CVSS base score

5.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5.

Key dates

02Disclosure timeline

May 22, 2026 CVE published
May 22, 2026 Record updated