JVNDB-2025-000065

ScanSnap Manager installers vulnerable to privilege escalation

Overview

ScanSnap Manager installers provided by PFU Limited contain the following vulnerability.
  • Incorrect privilege assignment (CWE-266) - CVE-2025-57797

Kazuhira Agata, Kentaro Kan, Tomoaki Kobayashi, Takayuki Tomita, and Yoshiaki Yamamuro reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products

PFU Limited
  • ScanSnap Manager installers versions prior to V6.5L61

Impact

An authenticated local attacker may escalate privileges and execute an arbitrary command.

Solution

[Stop using the product and switch to an alternative product]
The developer states that the affected product is no longer supported and recommends using the unaffected alternative product, ScanSnap Home.
Refer to the information provided by the developer for details.

Vendor Information

PFU Limited

CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2025-57797

References

  1. JVN: JVN#69684540

Revision History

  • [2025/08/27]
      Web page was published