[Japanese]

JVNDB-2025-000066

Improper file access permission settings in multiple i-FILTER products

Overview

Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability.
  • Incorrect default permissions (CWE-276) - CVE-2025-57846


Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


Digital Arts Inc.
  • i-FILTER 6.0 versions prior to 6.00.55 Japanese edition
  • i-FILTER for Multi-Device (Windows version only) versions prior to 6.00.55 Japanese edition
  • i-FILTER for ZAQ (Windows version only) versions prior to 6.00.55 Japanese edition
  • i-FILTER Internet Cafe versions prior to 6.10.55 Japanese edition
  • i-FILTER Browser & Cloud MultiAgent for Windows versions prior to 4.93R11 Japanese edition

Note: For the conditions required for this vulnerability, refer to "Vendor Status" section below. i-FILTER is only available in Japan and is a different product to Digital Arts Inc.'s i-FILTER, which has the same pronunciation. This vulnerability does not affect Digital Arts' i-FILTER.
Impact

A local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.

[Uninstall the Software]
Uninstall the software if it is pre-installed without a valid license, or remains installed after the license agreement has expired.

For the details, refer to the information provided by the developer.
Vendor Information

Digital Arts Inc. OPTiM Corporation FUJITSU
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2025-57846
References

  1. JVN : JVN#55678602
Revision History

  • [2025/08/27]
      Web page was published

Date Public2025/08/27
Date First Published2025/08/27
Date Last Updated2025/08/27