CVE-2025-30485 | THREATINT

Description

UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.

Reserved 2025-03-24 | Published 2025-04-03 | Updated 2025-04-03 | Assigner jpcert

MEDIUM: 6.2CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

UNIX symbolic link (Symlink) following

Product status

firmware version 31.0.1 and earlier

affected

firmware version 7.4.12 and earlier

affected

firmware version 21.16.5 and earlier

affected

firmware version 21.14.11D and earlier

affected

firmware version 21.11.15 and earlier

affected

firmware version 5.30.9C and earlier

affected

firmware version 5.30.13 and earlier

affected

firmware version 21.8.4 and earlier

affected

firmware version 21.17.0

affected

firmware version 9.12.17 and earlier

affected

firmware version 9.12.17 and earlier

affected

firmware version 21.7.33 and earlier

affected

firmware version 21.15.2C1 and earlier

affected

firmware version 21.15.10 and earlier

affected

firmware version 6.23.11 and earlier

affected

firmware version 21.15.6C2 and earlier

affected

firmware version 21.12.11 and earlier

affected

firmware version 21.7.33 and earlier

affected

firmware version 10.1.5 and earlier

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

Any version

affected

References

www.centurysys.co.jp/backnumber/common/jvnvu92821536.html

jvn.jp/en/vu/JVNVU92821536/

cve.org (CVE-2025-30485)

nvd.nist.gov (CVE-2025-30485)

Download JSON