Cyber Posture

CVE-2025-4320

Critical

Published: 23 January 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: none reported
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0010 (27.2nd percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-4320 is a critical-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability. The affected product is recorded here as Gov (inferred from references, since NVD filed no CPE); the NVD description itself names Birebirsoft Sufirmam. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 27.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: IA-5 requires proper management of authenticators, including administrative procedures for lost or compromised authenticators, directly mitigating the weak password recovery mechanism exploited in this CVE.

Prevent: SI-2 mandates identification, reporting, and timely remediation of system flaws such as the authentication bypass vulnerability in Sufirmam's password recovery feature.

Detect: SI-4 enables monitoring of the system for unauthorized access and anomalous authentication attempts indicative of exploitation of the weak password recovery mechanism.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables unauthenticated remote exploitation of a network-accessible application through an authentication bypass in a weak password recovery mechanism, which maps directly to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysis

CVE-2025-4320 is an Authentication Bypass by Primary Weakness vulnerability stemming from a weak password recovery mechanism for forgotten passwords in the Sufirmam software developed by Birebirsoft Software and Technology Solutions. This flaw enables authentication bypass and password recovery exploitation, affecting all versions of Sufirmam through 23012026. The vulnerability is associated with CWE-305 (Authentication Bypass by Primary Weakness) and CWE-640 (Weak Password Recovery Mechanism for Forgotten Password), and it has a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, lack of required privileges or user interaction, and scope change with high impacts across confidentiality, integrity, and availability.

An unauthenticated attacker with network access can exploit this vulnerability remotely with low complexity and no user interaction required. Successful exploitation allows the attacker to bypass authentication mechanisms and perform password recovery operations, potentially gaining unauthorized access to the system and compromising sensitive data or administrative functions.

The primary reference is a notification from the Turkish National Cyber Incident Response Center (USOM) at https://www.usom.gov.tr/bildirim/tr-26-0005. The vendor was contacted early regarding this disclosure but did not respond, and no patches or specific mitigations are detailed in the available information. Security practitioners should isolate affected Sufirmam instances, monitor for anomalous authentication attempts, and consider disabling password recovery features until further vendor guidance is available.
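The analysis above recommends monitoring for anomalous authentication attempts (the SI-4 control) while password recovery stays enabled. The following is an added example, not code from the advisory, from USOM or from the Sufirmam product: it runs three defender-side heuristics over a constructed application audit log whose format, event names (`recovery_requested`, `reset_completed`, `login_success`) and thresholds are all assumptions chosen for illustration. It flags a burst of recovery requests from one source, one source requesting recovery for many distinct accounts, a reset completed implausibly soon after the request, and a reset completed with no preceding request at all, which is the pattern a recovery-flow bypass would leave behind.

```python
"""Detect anomalous password-recovery activity in an application audit log.

Added example, not part of the advisory or of the Sufirmam product: the
log format, event names and thresholds are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log: "<ISO timestamp> <client ip> <event> user=<name>"
SAMPLE_LOG = """\
2026-01-23T10:00:01Z 203.0.113.5 recovery_requested user=alice
2026-01-23T10:00:03Z 203.0.113.5 recovery_requested user=bob
2026-01-23T10:00:04Z 203.0.113.5 recovery_requested user=carol
2026-01-23T10:00:05Z 203.0.113.5 recovery_requested user=dave
2026-01-23T10:00:06Z 203.0.113.5 recovery_requested user=erin
2026-01-23T10:00:09Z 203.0.113.5 reset_completed user=erin
2026-01-23T10:05:00Z 198.51.100.9 recovery_requested user=frank
2026-01-23T10:08:30Z 198.51.100.9 reset_completed user=frank
2026-01-23T11:00:00Z 192.0.2.44 login_success user=alice
"""

# Assumed thresholds; tune them to the baseline of the deployment being monitored.
BURST_WINDOW = timedelta(seconds=60)
BURST_LIMIT = 5                     # recovery requests from one IP within the window
SPRAY_LIMIT = 3                     # distinct accounts targeted by one IP within the window
FAST_RESET = timedelta(seconds=30)  # reset completed implausibly soon after the request


def parse(line):
    """Split one audit line into (timestamp, ip, event, user)."""
    ts, ip, event, user = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, event,
            user.split("=", 1)[1])


def detect(log_text):
    """Return a list of (finding, ip, user) tuples in chronological order."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e[0])
    findings = []
    requests_by_ip = defaultdict(list)   # ip -> [(ts, user)] inside the sliding window
    last_request = {}                    # user -> (ts, ip) of the latest recovery request
    flagged_burst, flagged_spray = set(), set()

    for ts, ip, event, user in events:
        if event == "recovery_requested":
            last_request[user] = (ts, ip)
            # Keep only requests from this IP that fall inside the window.
            window = [(t, u) for t, u in requests_by_ip[ip] if ts - t <= BURST_WINDOW]
            window.append((ts, user))
            requests_by_ip[ip] = window
            if len(window) >= BURST_LIMIT and ip not in flagged_burst:
                flagged_burst.add(ip)
                findings.append(("burst", ip, user))
            if len({u for _, u in window}) >= SPRAY_LIMIT and ip not in flagged_spray:
                flagged_spray.add(ip)
                findings.append(("spray", ip, user))
        elif event == "reset_completed":
            req = last_request.get(user)
            if req is None:
                # A completed reset with no request on record points at the
                # recovery flow being bypassed rather than used.
                findings.append(("reset_without_request", ip, user))
            elif ts - req[0] <= FAST_RESET:
                # A legitimate user has to receive and act on the recovery
                # message; a reset within seconds of the request is suspicious.
                findings.append(("fast_reset", ip, user))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print("%-22s ip=%-13s user=%s" % finding)
```

On the constructed sample this reports a spray and a burst from 203.0.113.5 followed by a fast reset of the last account it targeted, while the slower, single-account recovery from 198.51.100.9 produces nothing. The thresholds are deliberately conservative starting points; in practice they should be set from the observed baseline of recovery traffic so that the detection catches abuse of the recovery mechanism without paging on ordinary forgotten-password activity.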

Details

CWE(s): CWE-305 (Authentication Bypass by Primary Weakness), CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)

Affected Products

Gov (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-25858 (shared CWE-640)
CVE-2025-63314 (shared CWE-640)
CVE-2025-13915 (shared CWE-305)
CVE-2026-42606 (shared CWE-640)
CVE-2026-4670 (shared CWE-305)
CVE-2020-37172 (shared CWE-640)
CVE-2026-29199 (shared CWE-640)
CVE-2026-40585 (shared CWE-640)
CVE-2025-36386 (shared CWE-305)
CVE-2022-50910 (shared CWE-640)

References

USOM (Turkish National Cyber Incident Response Center) notification TR-26-0005: https://www.usom.gov.tr/bildirim/tr-26-0005