|
[Japanese]
|
JVNDB-2025-000011
|
Multiple vulnerabilities in FileMegane
|
|
FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below.
- Server-Side Request Forgery (SSRF) (CWE-918) - CVE-2025-20075
- Authentication Bypass by Spoofing (CWE-290) - CVE-2025-25055
Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 7.2 (High) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2025-20075
|
CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-25055
|
|
|
JIP InfoBridge Co., Ltd.
- FileMegane versions above 3.0.0.0 prior to 3.4.0.0 (CVE-2025-20075)
- FileMegane versions above 1.0.0.0 prior to 3.4.0.0 (CVE-2025-25055)
|
|
|
- Executing arbitrary backend Web API requests could potentially lead to rebooting the services (CVE-2025-20075)
- User impersonation could allow access to restricted file contents (CVE-2025-25055)
|
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
The developer has released the update listed below that addresses these vulnerabilities.
|
|
JIP InfoBridge Co., Ltd.
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2025-20075
- CVE-2025-25055
|
|
- JVN : JVN#80527854
|
|
- [2025/02/13]
Web page was published
|
