SUR-FBD CMMS Software Hit by Hard-Coded Password Bug
A critical security flaw has been identified in the SUR-FBD CMMS Software, exposing users to unauthorized access risks. The vulnerability, tracked as CVE-2025-3920, stems from the use of hard-coded passwords within the application. Security researchers warn that attackers could exploit this flaw to bypass authentication measures and gain control over the system.
The hard-coded credential issue significantly undermines system integrity, especially in environments that rely on the software for facility and maintenance management. Users of the SUR-FBD CMMS software are advised to assess their current deployments and apply mitigations as soon as they become available. Without remediation, affected systems may remain vulnerable to external intrusion.
Authorities have assigned the identifier CVE-2025-3920 to the flaw to help organizations track and address the threat. Security professionals recommend monitoring official advisories for updates and patch releases.
To access the full security advisory and technical details, visit the official CERT website at https://cert.pl/en/posts/2025/07/CVE-2025-3920/
