CVE-2025-26698 (GCVE-0-2025-26698)
Vulnerability from cvelistv5
Published
2025-02-26 08:42
Modified
2025-02-26 15:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-669 - Incorrect resource transfer between spheres
Summary
Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | J’s Communication Co., Ltd. | RevoWorks SCVX |
Version: 4.0.234 and earlier 4 series versions Version: 5.0.7 and earlier 5 series versions |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:46:43.527797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:32:14.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RevoWorks SCVX",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "4.0.234 and earlier 4 series versions"
},
{
"status": "affected",
"version": "5.0.7 and earlier 5 series versions"
}
]
},
{
"product": "RevoWorks Browser",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.2.100 and earlier 2 series versions"
},
{
"status": "affected",
"version": "3.0.1 and earlier 3 series versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "Incorrect resource transfer between spheres",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T08:42:53.924Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jscom.jp/news-20250217/"
},
{
"url": "https://jvn.jp/en/jp/JVN91300609/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26698",
"datePublished": "2025-02-26T08:42:53.924Z",
"dateReserved": "2025-02-14T04:32:33.696Z",
"dateUpdated": "2025-02-26T15:32:14.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-26698\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2025-02-26T13:15:41.983\",\"lastModified\":\"2025-02-26T13:15:41.983\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.\"},{\"lang\":\"es\",\"value\":\"Existe un problema de transferencia incorrecta de recursos entre esferas en RevoWorks SCVX y RevoWorks Browser. Si se explota esta vulnerabilidad, se pueden descargar archivos maliciosos en el sistema en el que se utiliza el producto.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-669\"}]}],\"references\":[{\"url\":\"https://jscom.jp/news-20250217/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://jvn.jp/en/jp/JVN91300609/\",\"source\":\"vultures@jpcert.or.jp\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"vendor\": \"J\\u2019s Communication Co., Ltd.\", \"product\": \"RevoWorks SCVX\", \"versions\": [{\"version\": \"4.0.234 and earlier 4 series versions\", \"status\": \"affected\"}, {\"version\": \"5.0.7 and earlier 5 series versions\", \"status\": \"affected\"}]}, {\"vendor\": \"J\\u2019s Communication Co., Ltd.\", \"product\": \"RevoWorks Browser\", \"versions\": [{\"version\": \"2.2.100 and earlier 2 series versions\", \"status\": \"affected\"}, {\"version\": \"3.0.1 and earlier 3 series versions\", \"status\": \"affected\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Incorrect resource transfer between spheres\", \"lang\": \"en-US\", \"cweId\": \"CWE-669\", \"type\": \"CWE\"}]}], \"references\": [{\"url\": \"https://jscom.jp/news-20250217/\"}, {\"url\": \"https://jvn.jp/en/jp/JVN91300609/\"}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}], \"cvssV3_0\": {\"version\": \"3.0\", \"baseSeverity\": \"LOW\", \"baseScore\": 2.7, \"vectorString\": \"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N\"}}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2025-02-26T08:42:53.924Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-26698\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T14:46:43.527797Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T14:46:44.854Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-26698\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"jpcert\", \"dateReserved\": \"2025-02-14T04:32:33.696Z\", \"datePublished\": \"2025-02-26T08:42:53.924Z\", \"dateUpdated\": \"2025-02-26T15:32:14.346Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…