CVE-2025-57846 (GCVE-0-2025-57846)
Vulnerability from cvelistv5
Published
2025-08-27 05:28
Modified
2025-08-27 14:52
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
  • CWE-276 - Incorrect default permissions
Summary
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
References
vultures@jpcert.or.jphttps://jvn.jp/en/jp/JVN55678602/
vultures@jpcert.or.jphttps://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20250827_01.pdf
vultures@jpcert.or.jphttps://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20250827_02.pdf
Impacted products
Vendor Product Version
Digital Arts Inc. i-フィルター 6.0 Version: prior to 6.00.55
 Create a notification for this product.
   Digital Arts Inc. i-フィルター for マルチデバイス Version: prior to 6.00.55 (Windows version only)
 Create a notification for this product.
   Digital Arts Inc. i-フィルター for ZAQ Version: prior to 6.00.55 (Windows version only)
 Create a notification for this product.
   Digital Arts Inc. i-フィルター for ネットカフェ Version: prior to 6.10.55
 Create a notification for this product.
   Digital Arts Inc. i-FILTER ブラウザー&クラウド MultiAgent for Windows Version: prior to 4.93.R11
 Create a notification for this product.
   Fujitsu Limited FENCE-Mobile RemoteManager i-FILTER Browser Service Version: prior to 4.93R11
 Create a notification for this product.
   OPTiM Corporation Optimal Biz Web Filtering Powered by i-FILTER (Windows version) Version: prior to 4.93R11
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57846",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T14:47:59.700143Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T14:52:39.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.00.55"
            }
          ]
        },
        {
          "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.00.55 (Windows version only)"
            }
          ]
        },
        {
          "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.00.55 (Windows version only)"
            }
          ]
        },
        {
          "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 6.10.55"
            }
          ]
        },
        {
          "product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
          "vendor": "Digital Arts Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 4.93.R11"
            }
          ]
        },
        {
          "product": "FENCE-Mobile RemoteManager i-FILTER Browser Service",
          "vendor": "Fujitsu Limited",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 4.93R11"
            }
          ]
        },
        {
          "product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
          "vendor": "OPTiM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 4.93R11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect default permissions",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-27T05:28:42.925Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_01.pdf"
        },
        {
          "url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_02.pdf"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN55678602/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-57846",
    "datePublished": "2025-08-27T05:28:42.925Z",
    "dateReserved": "2025-08-21T04:04:10.182Z",
    "dateUpdated": "2025-08-27T14:52:39.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-57846\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2025-08-27T06:15:30.777\",\"lastModified\":\"2025-08-29T16:24:09.860\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.\"},{\"lang\":\"es\",\"value\":\"Varios productos i-????? presentan un problema con permisos predeterminados incorrectos. Si se explota esta vulnerabilidad, un atacante local autenticado podr\u00eda reemplazar un ejecutable de servicio en el sistema donde se ejecuta el producto, lo que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios de SYSTEM.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV30\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN55678602/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_01.pdf\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_02.pdf\",\"source\":\"vultures@jpcert.or.jp\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-57846\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-27T14:47:59.700143Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-27T14:51:43.886Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Digital Arts Inc.\", \"product\": \"i-\\u30d5\\u30a3\\u30eb\\u30bf\\u30fc 6.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"prior to 6.00.55\"}]}, {\"vendor\": \"Digital Arts Inc.\", \"product\": \"i-\\u30d5\\u30a3\\u30eb\\u30bf\\u30fc for \\u30de\\u30eb\\u30c1\\u30c7\\u30d0\\u30a4\\u30b9\", \"versions\": [{\"status\": \"affected\", \"version\": \"prior to 6.00.55 (Windows version only)\"}]}, {\"vendor\": \"Digital Arts Inc.\", \"product\": \"i-\\u30d5\\u30a3\\u30eb\\u30bf\\u30fc for ZAQ\", \"versions\": [{\"status\": \"affected\", \"version\": \"prior to 6.00.55 (Windows version only)\"}]}, {\"vendor\": \"Digital Arts Inc.\", \"product\": \"i-\\u30d5\\u30a3\\u30eb\\u30bf\\u30fc for \\u30cd\\u30c3\\u30c8\\u30ab\\u30d5\\u30a7\", \"versions\": [{\"status\": \"affected\", \"version\": \"prior to 6.10.55\"}]}, {\"vendor\": \"Digital Arts Inc.\", \"product\": \"i-FILTER \\u30d6\\u30e9\\u30a6\\u30b6\\u30fc\\uff06\\u30af\\u30e9\\u30a6\\u30c9 MultiAgent for Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"prior to 4.93.R11\"}]}, {\"vendor\": \"Fujitsu Limited\", \"product\": \"FENCE-Mobile RemoteManager i-FILTER Browser Service\", \"versions\": [{\"status\": \"affected\", \"version\": \"prior to 4.93R11\"}]}, {\"vendor\": \"OPTiM Corporation\", \"product\": \"Optimal Biz Web Filtering Powered by i-FILTER (Windows version)\", \"versions\": [{\"status\": \"affected\", \"version\": \"prior to 4.93R11\"}]}], \"references\": [{\"url\": \"https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_01.pdf\"}, {\"url\": \"https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_02.pdf\"}, {\"url\": \"https://jvn.jp/en/jp/JVN55678602/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple i-\\u30d5\\u30a3\\u30eb\\u30bf\\u30fc products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-276\", \"description\": \"Incorrect default permissions\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2025-08-27T05:28:42.925Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-57846\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-27T14:52:39.319Z\", \"dateReserved\": \"2025-08-21T04:04:10.182Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2025-08-27T05:28:42.925Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.