CVE-2025-54763 | THREATINT

Description

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.

PUBLISHED Reserved 2025-10-17 | Published 2025-10-31 | Updated 2025-10-31 | Assigner jpcert

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Product status

from 6.0.0 to 6.4.1

affected

from 5.0.0 to 6.2.1

affected

from 5.0.0 to 6.4.0

affected

from 5.0.0 to 6.4.0

affected

from 2.0.0 to 2.2.1

affected

References

www.centurysys.co.jp/backnumber/common/jvnvu98191201.html

jvn.jp/en/vu/JVNVU98191201/

cve.org (CVE-2025-54763)

nvd.nist.gov (CVE-2025-54763)

Download JSON