PatchSiren cyber security CVE debrief
CVE-2025-4320 Birebirsoft Software and Technology Solutions CVE debrief
CVE-2025-4320 is a critical vulnerability (CVSS score: 10) in Birebirsoft Software and Technology Solutions Sufirmam, affecting versions through 23012026. It combines an Authentication Bypass by Primary Weakness with a Weak Password Recovery Mechanism for Forgotten Password, which can lead to authentication bypass and password recovery exploitation. The vendor, Birebirsoft Software and Technology Solutions, was contacted early about this disclosure but did not respond.
- Vendor: Birebirsoft Software and Technology Solutions
- Product: Sufirmam
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-23
- Original CVE updated: 2026-06-05
- Advisory published: 2026-01-23
- Advisory updated: 2026-06-05
Who should care
Users of Birebirsoft Software and Technology Solutions Sufirmam through version 23012026 should be aware of this critical vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. It is classified under CWE-305 (Authentication Bypass by Primary Weakness) and CWE-640 (Weak Password Recovery Mechanism for Forgotten Password).
Defensive priority
high
Recommended defensive actions
- Update Sufirmam to a version beyond 23012026.
- Implement strong authentication and password recovery mechanisms.
- Review and strengthen password policies.
Evidence notes
The CVE record was published on [CVE.org](https://www.cve.org/CVERecord?id=CVE-2025-4320) and details can be found on [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-4320). Additional information is available from [siberguvenlik.gov.tr](https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0005) and [usom.gov.tr](https://www.usom.gov.tr/bildirim/tr-26-0005).
Official resources
CVE-2025-4320 was published on 2026-01-23T13:15:49.123Z and modified on 2026-06-05T16:16:32.347Z.