[Japanese]
|
JVNDB-2025-000066
|
Improper file access permission settings in multiple i-FILTER products
|
Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability.
- Incorrect default permissions (CWE-276) - CVE-2025-57846
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
Digital Arts Inc.
- i-FILTER 6.0 versions prior to 6.00.55 Japanese edition
- i-FILTER for Multi-Device (Windows version only) versions prior to 6.00.55 Japanese edition
- i-FILTER for ZAQ (Windows version only) versions prior to 6.00.55 Japanese edition
- i-FILTER Internet Cafe versions prior to 6.10.55 Japanese edition
- i-FILTER Browser & Cloud MultiAgent for Windows versions prior to 4.93R11 Japanese edition
|
Note:
For the conditions required for this vulnerability, refer to "Vendor Status" section below.
i-FILTER is only available in Japan and is a different product to Digital Arts Inc.'s i-FILTER, which has the same pronunciation. This vulnerability does not affect Digital Arts' i-FILTER.
|
A local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
|
[Update the Software]
Update the software to the latest version according to the information provided by the developer.
[Uninstall the Software]
Uninstall the software if it is pre-installed without a valid license, or remains installed after the license agreement has expired.
For the details, refer to the information provided by the developer.
|
Inventit Inc.
Digital Arts Inc.
OPTiM Corporation
FUJITSU
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2025-57846
|
- JVN : JVN#55678602
|
- [2025/08/27]
Web page was published
- [2025/09/29]
Vendor Information : Content was added
|