CRITICAL🇵🇱 Wersja polska

CVE-2025-6077

CVSS 9.8v3.1pub. 2025-08-02upd. 2026-04-15

Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions.

🤖 AI Analysis
How it works

The manufacturer configured identical, unchanged default administrator account credentials across all software versions. A remote attacker, without requiring prior authentication, can use publicly known or easily guessable login credentials to gain access to the administrator account. The vulnerability is classified as CWE-1391 (Use of Weak Credentials), indicating a systemic error in the default access data management policy.

Impact

An attacker can obtain full administrative access to the system without any authorization, enabling them to read, modify, or destroy data, as well as take complete control of the application and its environment.

Mitigation & patch

The default administrator account password must be changed immediately to a unique, strong password after each system installation or update. It is recommended to apply available patches and updates according to the manufacturer's information published at https://partnersoftware.com/resources/software-release-info-4-32/ and CERT/CC recommendations (https://kb.cert.org/vuls/id/317469). Additionally, access to the administration panel should be restricted exclusively to trusted IP addresses.

Who is affected

Partner Software Product and Partner Web application — all software versions according to the manufacturer's description (details in manufacturer references: https://partnersoftware.com/resources/software-release-info-4-32/)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References