Vulnerabilites related to J’s Communication Co., Ltd. - RevoWorks SCVX
CVE-2025-26698 (GCVE-0-2025-26698)
Vulnerability from cvelistv5
Published
2025-02-26 08:42
Modified
2025-02-26 15:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-669 - Incorrect resource transfer between spheres
Summary
Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | J’s Communication Co., Ltd. | RevoWorks SCVX |
Version: 4.0.234 and earlier 4 series versions Version: 5.0.7 and earlier 5 series versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:46:43.527797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:32:14.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RevoWorks SCVX",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "4.0.234 and earlier 4 series versions"
},
{
"status": "affected",
"version": "5.0.7 and earlier 5 series versions"
}
]
},
{
"product": "RevoWorks Browser",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.2.100 and earlier 2 series versions"
},
{
"status": "affected",
"version": "3.0.1 and earlier 3 series versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "Incorrect resource transfer between spheres",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T08:42:53.924Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jscom.jp/news-20250217/"
},
{
"url": "https://jvn.jp/en/jp/JVN91300609/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26698",
"datePublished": "2025-02-26T08:42:53.924Z",
"dateReserved": "2025-02-14T04:32:33.696Z",
"dateUpdated": "2025-02-26T15:32:14.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}