Vulnerabilites related to PFU Limited - ScanSnap Manager installers
CVE-2025-57797 (GCVE-0-2025-57797)
Vulnerability from cvelistv5
Published
2025-08-27 05:43
Modified
2025-08-27 14:13
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
  • CWE-266 - Incorrect privilege assignment
Summary
Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command.
References
https://www.pfu.ricoh.com/imaging/news/news20230606.html
https://www.pfu.ricoh.com/scansnap/software/sshome/requirement.html
https://jvn.jp/en/jp/JVN69684540/
Impacted products
Vendor Product Version
PFU Limited ScanSnap Manager installers Version: prior to V6.5L61
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T14:11:40.712074Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T14:13:49.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ScanSnap Manager installers",
          "vendor": "PFU Limited",
          "versions": [
            {
              "status": "affected",
              "version": "prior to V6.5L61"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect privilege assignment",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-27T05:43:18.734Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.pfu.ricoh.com/imaging/news/news20230606.html"
        },
        {
          "url": "https://www.pfu.ricoh.com/scansnap/software/sshome/requirement.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN69684540/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-57797",
    "datePublished": "2025-08-27T05:43:18.734Z",
    "dateReserved": "2025-08-20T07:06:29.896Z",
    "dateUpdated": "2025-08-27T14:13:49.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}