Cyber Resilience

CVE-2025-4320

CriticalUpdated

Published: 23 January 2026

Published
23 January 2026
Modified
05 June 2026
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0046 36.5th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-4320 is a critical-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Gov (inferred from references). Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2025-4320 is an Authentication Bypass by Primary Weakness vulnerability stemming from a weak password recovery mechanism for forgotten passwords in the Sufirmam software developed by Birebirsoft Software and Technology Solutions. This flaw enables authentication bypass and password recovery exploitation, affecting all versions of Sufirmam through 23012026. The vulnerability is associated with CWE-305 (Authentication Bypass by Primary Weakness) and CWE-640 (Weak Password Recovery Mechanism for Forgotten Password), and it has a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, lack of required privileges or user interaction, and scope change with high impacts across confidentiality, integrity, and availability.

An unauthenticated attacker with network access can exploit this vulnerability remotely with low complexity and no user interaction required. Successful exploitation allows the attacker to bypass authentication mechanisms and perform password recovery operations, potentially gaining unauthorized access to the system and compromising sensitive data or administrative functions.

The primary reference is a notification from the Turkish National Cyber Incident Response Center (USOM) at https://www.usom.gov.tr/bildirim/tr-26-0005. The vendor was contacted early regarding this disclosure but did not respond, and no patches or specific mitigations are detailed in the available information. Security practitioners should isolate affected Sufirmam instances, monitor for anomalous authentication attempts, and consider disabling password recovery features until further vendor guidance is available.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this…

more

disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables unauthenticated remote exploitation of a network-accessible application through authentication bypass via weak password recovery mechanism, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-29199Shared CWE-640
CVE-2026-30849Shared CWE-305
CVE-2022-50910Shared CWE-640
CVE-2026-42606Shared CWE-640
CVE-2025-47776Shared CWE-305
CVE-2025-68435Shared CWE-305
CVE-2026-25858Shared CWE-640
CVE-2026-40585Shared CWE-640
CVE-2025-36386Shared CWE-305
CVE-2025-63314Shared CWE-640

Affected Assets

Gov
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires secure management of authenticators including password recovery/reset mechanisms that are the root weakness in CVE-2025-4320.

prevent

Enforces access control decisions so that a bypassed or exploited password recovery flow cannot grant unauthorized entry.

detect

Enables monitoring of authentication and password-recovery events to identify exploitation attempts against the vulnerable Sufirmam mechanism.

References