8.6
Finka programs use shared, easily guessable database passwords
CVE-2025-13776
Summary
Multiple Finka programs ship with the same hard-coded Firebird database credentials, shared across all installations. An attacker on the same local network who knows these credentials can read and modify the database content. To fix this, update to the latest versions of the affected Finka programs.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| finka | finka-faktura | <= 18.3 | – |
| finka | finka-fk | <= 18.5 | – |
| finka | finka-kpr | <= 16.6 | – |
| finka | finka-magazyn | <= 8.3 | – |
| finka | finka-place | <= 13.4 | – |
| finka | finka-stw | <= 12.3 | – |
Original title
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to r...
Original description
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker on the local network who knows the default credentials is able to read and edit database content.
This vulnerability has been fixed in versions: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3
nvd CVSS3.1
7.1
nvd CVSS4.0
8.6
Vulnerability type
CWE-798
Use of Hard-coded Credentials
- https://cert.pl/en/posts/2026/01/CVE-2025-13776 Broken Link
- https://finka.pl/ Product
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026