|
[Japanese]
|
JVNDB-2025-000057
|
Multiple vulnerabilities in Mubit Powered BLUE 870
|
|
Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities listed below.- OS command injection (CWE-78) - CVE-2025-54958
- Path traversal (CWE-22) - CVE-2025-54959
CVE-2025-54958
Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2025-54959
Satoshi Horikoshi of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 6.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2025-54958
|
CVSS V3 Severity:
Base Metrics:4.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-54959
|
|
|
Mubit co.,ltd.
- Powered BLUE 870 versions 0.20130927 and prior
|
|
|
- Arbitrary OS commands may be executed on the affected product by an authenticated user (CVE-2025-54958)
- An arbitrary file in the affected product may be accessed by an authenticated user (CVE-2025-54959)
|
|
[Stop using the product and switch to alternative product]
The developer states that the affected product is no longer supported, and recommends to use alternative unaffected product Powered BLUE 890.
|
|
Mubit co.,ltd.
|
|
- Path Traversal(CWE-22) [IPA Evaluation]
- OS Command Injection(CWE-78) [IPA Evaluation]
|
|
- CVE-2025-54958
- CVE-2025-54959
|
|
- JVN : JVN#39636188
|
|
- [2025/08/08]
Web page was published
|
