CVE-2025-6513 (GCVE-0-2025-6513)

Vulnerability from cvelistv5 – Published: 2025-06-23 12:37 – Updated: 2025-06-23 13:25
VLAI
Title
BRAIN2 Configuration file for database access not sufficiently secured
Summary
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
Severity
9.3 (Critical)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-260 - Password in Configuration File
Assigner
References
Impacted products
Vendor Product Version
Bizerba SE & Co. KG BRAIN2 Affected: 0.0 , < 3.06 (semver)
Create a notification for this product.
Date Public
2025-06-22 22:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6513",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T13:25:51.725596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T13:25:56.804Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "x86"
          ],
          "product": "BRAIN2",
          "vendor": "Bizerba SE \u0026 Co. KG",
          "versions": [
            {
              "lessThan": "3.06",
              "status": "affected",
              "version": "0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-06-22T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e"
            }
          ],
          "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260: Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-23T12:37:55.000Z",
        "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "shortName": "bizerba"
      },
      "references": [
        {
          "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to the newest Version 3.06\u003cbr\u003e"
            }
          ],
          "value": "Update to the newest Version 3.06"
        }
      ],
      "source": {
        "advisory": "BIZERBA-SA-2025-0003",
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-24T22:00:00.000Z",
          "value": "Release new BRAIN2 Version 3.06"
        }
      ],
      "title": "BRAIN2 Configuration file for database access not sufficiently secured",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "*  Deactivate not needed users or delete them\n  *  Ensure that only authorized users have access to the device/software"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
    "assignerShortName": "bizerba",
    "cveId": "CVE-2025-6513",
    "datePublished": "2025-06-23T12:37:55.000Z",
    "dateReserved": "2025-06-23T09:36:49.537Z",
    "dateUpdated": "2025-06-23T13:25:56.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-6513",
      "date": "2026-06-03",
      "epss": "0.0009",
      "percentile": "0.25472"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-6513\",\"sourceIdentifier\":\"0beee27a-7d8c-424f-8e46-ac453fa147e6\",\"published\":\"2025-06-23T13:15:23.040\",\"lastModified\":\"2025-06-23T20:16:21.633\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\"},{\"lang\":\"es\",\"value\":\"Los usuarios est\u00e1ndar de Windows pueden acceder al archivo de configuraci\u00f3n para el acceso a la base de datos de la aplicaci\u00f3n BRAIN2 y descifrarlo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"0beee27a-7d8c-424f-8e46-ac453fa147e6\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"0beee27a-7d8c-424f-8e46-ac453fa147e6\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-260\"}]}],\"references\":[{\"url\":\"https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf\",\"source\":\"0beee27a-7d8c-424f-8e46-ac453fa147e6\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6513\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-23T13:25:51.725596Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-23T13:25:53.637Z\"}}], \"cna\": {\"title\": \"BRAIN2 Configuration file for database access not sufficiently secured\", \"source\": {\"advisory\": \"BIZERBA-SA-2025-0003\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Bizerba SE \u0026 Co. KG\", \"product\": \"BRAIN2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0\", \"lessThan\": \"3.06\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\", \"x86\"], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-05-24T22:00:00.000Z\", \"value\": \"Release new BRAIN2 Version 3.06\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to the newest Version 3.06\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to the newest Version 3.06\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2025-06-22T22:00:00.000Z\", \"references\": [{\"url\": \"https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"*  Deactivate not needed users or delete them\\n  *  Ensure that only authorized users have access to the device/software\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-260\", \"description\": \"CWE-260: Password in Configuration File\"}]}], \"providerMetadata\": {\"orgId\": \"0beee27a-7d8c-424f-8e46-ac453fa147e6\", \"shortName\": \"bizerba\", \"dateUpdated\": \"2025-06-23T12:37:55.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-6513\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-23T13:25:56.804Z\", \"dateReserved\": \"2025-06-23T09:36:49.537Z\", \"assignerOrgId\": \"0beee27a-7d8c-424f-8e46-ac453fa147e6\", \"datePublished\": \"2025-06-23T12:37:55.000Z\", \"assignerShortName\": \"bizerba\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.