CVE-2026-25600

Severity CVSS v4.0:
Pending analysis
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
01/06/2026
Last modified:
01/06/2026

Description

The PDBM application relies on a static, hard‑coded secret embedded <br /> in the PDBM.exe executable. This secret is used by the application’s <br /> encryption routines, including the function responsible for decrypting <br /> credentials stored in the product’s configuration file. Because the <br /> secret is constant across installations, any attacker with sufficient <br /> local privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored <br /> password and authenticate as the user defined in the configuration file.<br /> In the affected version, this user account is configured with <br /> administrative privileges, granting full access to PDBM’s management <br /> interface and its underlying operational functions.

References to Advisories, Solutions, and Tools