CVE-2025-58152 | THREATINT

Description

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.

PUBLISHED Reserved 2025-10-17 | Published 2025-10-31 | Updated 2025-10-31 | Assigner jpcert

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

Files or directories accessible to external parties

Product status

from 6.0.0 to 6.4.1

affected

from 5.0.0 to 6.2.1

affected

from 5.0.0 to 6.4.0

affected

from 5.0.0 to 6.4.0

affected

from 2.0.0 to 2.2.1

affected

References

www.centurysys.co.jp/backnumber/common/jvnvu98191201.html

jvn.jp/en/vu/JVNVU98191201/

cve.org (CVE-2025-58152)

nvd.nist.gov (CVE-2025-58152)

Download JSON