CVE-2026-25600
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
01/06/2026
Last modified:
01/06/2026
Description
The PDBM application relies on a static, hard‑coded secret embedded <br />
in the PDBM.exe executable. This secret is used by the application’s <br />
encryption routines, including the function responsible for decrypting <br />
credentials stored in the product’s configuration file. Because the <br />
secret is constant across installations, any attacker with sufficient <br />
local privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored <br />
password and authenticate as the user defined in the configuration file.<br />
In the affected version, this user account is configured with <br />
administrative privileges, granting full access to PDBM’s management <br />
interface and its underlying operational functions.
Impact
Base Score 3.x
6.40
Severity 3.x
MEDIUM



