Unrated severityNVD Advisory· Published Feb 24, 2026· Updated Feb 26, 2026

Hard-coded database credentials in Finka software

CVE-2025-13776

Description

Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content.

This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3

Affected products

Finka/Finka-FKllm-create
Range: <=18.4
Tik Soft/Finka Magazynllm-fuzzy2 versions
<=8.2+ 1 more
- (no CPE)range: <=8.2
- (no CPE)range: 0
Tik Soft/Finka Fakturallm-fuzzy2 versions
<=18.2+ 1 more
- (no CPE)range: <=18.2
- (no CPE)range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.pl/en/posts/2026/01/CVE-2025-13776mitrethird-party-advisory
finka.plmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000