JVNDB-2025-000038

UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints

Overview

UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability.
  • Improper restriction of communication channel to intended endpoints (CWE-923)

Shu Yoshikoshi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V3 Severity:
Base Metrics 7.1 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


Fujitsu Client Computing Limited
  • Update Navi V1.4 L10 to L33
  • Update Navi InstallService Service 1.2.0091 to 1.2.0125

Impact

If a local authenticated attacker sends malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.
Solution

[Update the application]
Update the application to the latest version according to the information provided by the developer.
The application will be updated automatically when the product is running and connected to the Internet.
Vendor Information

Fujitsu Client Computing Limited
CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2025-35978
References

  1. JVN : JVN#17860456
Revision History

  • [2025/06/12]
      Web page was published