CVE-2025-13776

UNKNOWN 0.0

Hard-coded database credentials in Finka software

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR 16.6, Finka-Płace 13.4, Finka-Faktura 18.3, Finka-Magazyn 8.3, Finka-STW 12.3

CWE	CWE-798
Vendor	tik-soft
Product	finka-fk
Published	Feb 24, 2026
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for tik-soft finka-fk

Be the first to know when new unknown vulnerabilities affecting tik-soft finka-fk are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

TIK-SOFT / Finka-FK

0 < 18.5

TIK-SOFT / Finka-KPR

0 < 16.6

TIK-SOFT / Finka-Płace

0 < 13.4

TIK-SOFT / Finka-Faktura

0 < 18.3

TIK-SOFT / Finka-Magazyn

0 < 8.3

TIK-SOFT / Finka-STW

0 < 12.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/en/posts/2026/01/CVE-2025-13776 finka.pl: https://finka.pl/

Credits

Wojciech Żebrowski (Wern128)