fkie_nvd - fkie_cve-2025-30485

fkie_cve-2025-30485

Vulnerability from fkie_nvd

Published

2025-04-03 07:15

Modified

2025-04-07 14:18

Severity ?

6.2 (Medium) - CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.

References

▶	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU92821536/
	vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files."
    },
    {
      "lang": "es",
      "value": "El siguiente problema de enlace simb\u00f3lico UNIX (Symlink) existe en los routers FutureNet de las series NXR, VXR y WXR. Al conectar al producto afectado un dispositivo de almacenamiento externo que contenga archivos de enlace simb\u00f3lico maliciosos, un usuario administrador con sesi\u00f3n iniciada podr\u00eda obtener o destruir archivos internos."
    }
  ],
  "id": "CVE-2025-30485",
  "lastModified": "2025-04-07T14:18:34.453",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 5.9,
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-03T07:15:41.110",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/vu/JVNVU92821536/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-61"
        }
      ],
      "source": "vultures@jpcert.or.jp",
      "type": "Primary"
    }
  ]
}

CVE-2025-30485 (GCVE-0-2025-30485)

Vulnerability from cvelistv5

Published

2025-04-03 06:18

Modified

2025-04-03 13:41

Severity ?

6.2 (Medium) - CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-61 - UNIX symbolic link (Symlink) following

Summary

References

►

URL

Tags

	https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html
	https://jvn.jp/en/vu/JVNVU92821536/

Impacted products

Vendor

Product

Version

►

Century Systems Co., Ltd.

FutureNet NXR-1420

Version: firmware version 31.0.1 and earlier

Century Systems Co., Ltd.	FutureNet NXR-1300 series	Version: firmware version 7.4.12 and earlier
Century Systems Co., Ltd.	FutureNet NXR-650	Version: firmware version 21.16.5 and earlier
Century Systems Co., Ltd.	FutureNet NXR-610X series	Version: firmware version 21.14.11D and earlier
Century Systems Co., Ltd.	FutureNet NXR-530	Version: firmware version 21.11.15 and earlier
Century Systems Co., Ltd.	FutureNet NXR-350/C	Version: firmware version 5.30.9C and earlier
Century Systems Co., Ltd.	FutureNet NXR-230/C	Version: firmware version 5.30.13 and earlier
Century Systems Co., Ltd.	FutureNet NXR-160/LW	Version: firmware version 21.8.4 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G540 series	Version: firmware version 21.17.0
Century Systems Co., Ltd.	FutureNet NXR-G260 series	Version: firmware version 9.12.17 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G240 series	Version: firmware version 9.12.17 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G180/L-CA	Version: firmware version 21.7.33 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G120 series	Version: firmware version 21.15.2C1 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G110 series	Version: firmware version 21.15.10 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G100 series	Version: firmware version 6.23.11 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G060 series	Version: firmware version 21.15.6C2 and earlier
Century Systems Co., Ltd.	FutureNet NXR-G050 series	Version: firmware version 21.12.11 and earlier
Century Systems Co., Ltd.	FutureNet VXR-x64	Version: firmware version 21.7.33 and earlier
Century Systems Co., Ltd.	FutureNet VXR-x86	Version: firmware version 10.1.5 and earlier
Century Systems Co., Ltd.	FutureNet NXR-1200	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-130/C	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-155/C-L	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-155/C-XW	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-155/C-WM	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-125/CX	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-120/C	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-G100/SLW	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-G100/SL	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-G100/S	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-G100/N	Version: N/A
Century Systems Co., Ltd.	FutureNet NXR-G100/F	Version: N/A
Century Systems Co., Ltd.	FutureNet WXR-250	Version: N/A

Show details on NVD website