CVE-2026-25600

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,4

Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Attack Vector: local

Attack Complexity: high

Privileges Required: high

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

The PDBM application relies on a static, hard‑coded secret embedded
in the PDBM.exe executable. This secret is used by the application’s
encryption routines, including the function responsible for decrypting
credentials stored in the product’s configuration file. Because the
secret is constant across installations, any attacker with sufficient
local privileges can extract it from the binary. Once obtained, the secret allows the attacker to decrypt the stored
password and authenticate as the user defined in the configuration file.
In the affected version, this user account is configured with
administrative privileges, granting full access to PDBM’s management
interface and its underlying operational functions.

798

Use of Hard-coded Credentials

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality Availability Other

Potential Impacts:

Bypass Protection Mechanism Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Other

Applicable Platforms

Technologies: Mobile, ICS/OT

Likelihood of Exploit: High

View CWE Details

https://www.cert.si/en/cve-2026-25600/

CVE-2026-25600

Description

Use of Hard-coded Credentials

Common Consequences

Applicable Platforms

Iscriviti alla newsletter