Static Secret Vulnerability in PDBM Application from Vendor
CVE-2026-25600

6.4MEDIUM

Key Information:

Vendor: Trac D.o.o.
Status: Pdbm
Vendor: CVE Published:; 1 June 2026

🔔 Create Trac D.o.o. Vulnerability Alert

What is CVE-2026-25600?

The PDBM application contains a security vulnerability due to its reliance on a static, hard-coded secret embedded within its executable. This secret is essential for the application's encryption processes, including decrypting user credentials stored in the product's configuration file. As this secret remains constant across all installations, an attacker with sufficient local privileges can extract it from the application's binary. Once the secret is compromised, the attacker can decrypt stored passwords and gain unauthorized access as the privileged user specified in the configuration file, leading to potential exploitation of the application's management interface and its operational functionalities.

Affected Version(s)

PDBM 0 < 2.0.0.0

References

https://www.cert.si/en/cve-2026-25600/

third-party-advisory

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Feb 3, 2026

Credit

Mijo Mišić, Combis d.o.o.

CVE-2026-25600 Data

JSON