CVE-2025-13776
Published: Feb 24, 2026
Modified: Feb 26, 2026
Description
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3
| Vendor | Product | Versions |
|---|---|---|
TIK-SOFT | Finka-FK | affected 0 - < 18.5 |
TIK-SOFT | Finka-KPR | affected 0 - < 16.6 |
TIK-SOFT | Finka-Płace | affected 0 - < 13.4 |
TIK-SOFT | Finka-Faktura | affected 0 - < 18.3 |
TIK-SOFT | Finka-Magazyn | affected 0 - < 8.3 |
TIK-SOFT | Finka-STW | affected 0 - < 12.3 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now