JVNDB-2025-000057

Multiple vulnerabilities in Mubit Powered BLUE 870

Overview

Powered BLUE 870, provided by Mubit co.,ltd., contains the multiple vulnerabilities listed below.
  • OS command injection (CWE-78) - CVE-2025-54958
  • Path traversal (CWE-22) - CVE-2025-54959

CVE-2025-54958
Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2025-54959
Satoshi Horikoshi of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVSS Severity

CVSS V3 Severity:
Base Metrics: 6.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
The above CVSS base score has been assigned to CVE-2025-54958.


CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base score has been assigned to CVE-2025-54959.

Affected Products


Mubit co.,ltd.
  • Powered BLUE 870 versions 0.20130927 and prior

Impact

  • Arbitrary OS commands may be executed on the affected product by an authenticated user (CVE-2025-54958)
  • An arbitrary file in the affected product may be accessed by an authenticated user (CVE-2025-54959)

Solution

[Stop using the product and switch to an alternative product]
The developer states that the affected product is no longer supported and recommends switching to the unaffected alternative product, Powered BLUE 890.

Vendor Information

Mubit co.,ltd.

CWE

  1. Path Traversal (CWE-22) [IPA Evaluation]
  2. OS Command Injection (CWE-78) [IPA Evaluation]

CVE

  1. CVE-2025-54958
  2. CVE-2025-54959

References

  1. JVN : JVN#39636188

Revision History

  • [2025/08/08]
      Web page was published