JVNDB-2025-000066

[Japanese]
JVNDB-2025-000066
Improper file access permission settings in multiple i-FILTER products
Overview
Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions (CWE-276) - CVE-2025-57846 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 7.8 (High) [IPA Score] Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High
Affected Products

Digital Arts Inc. i-FILTER 6.0 versions prior to 6.00.55 Japanese edition i-FILTER for Multi-Device (Windows version only) versions prior to 6.00.55 Japanese edition i-FILTER for ZAQ (Windows version only) versions prior to 6.00.55 Japanese edition i-FILTER Internet Cafe versions prior to 6.10.55 Japanese edition i-FILTER Browser & Cloud MultiAgent for Windows versions prior to 4.93R11 Japanese edition
Note: For the conditions required for this vulnerability, refer to "Vendor Status" section below. i-FILTER is only available in Japan and is a different product to Digital Arts Inc.'s i-FILTER, which has the same pronunciation. This vulnerability does not affect Digital Arts' i-FILTER.
Impact
A local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
Solution
[Update the Software] Update the software to the latest version according to the information provided by the developer. [Uninstall the Software] Uninstall the software if it is pre-installed without a valid license, or remains installed after the license agreement has expired. For the details, refer to the information provided by the developer.
Vendor Information
Inventit Inc. Inventit Inc. : mobiconnect FILTER browser option (login required) (in Japanese) Digital Arts Inc. Digital Arts Inc. : Notice regarding vulnerabilities in our security products \| i-FILTER Browser & Cloud MultiAgent for Windows (in Japanese) Digital Arts Inc. : Notice regarding vulnerabilities in our security products \| i-FILTER 6.0 / for Multi-Device / for ZAQ / for Internet Cafe (in Japanese) OPTiM Corporation OPTiM Corporation : OPTiM Corporation website (in Japanese) FUJITSU Fujitsu Limited : Fujitsu Limited website (in Japanese)
CWE (What is CWE?)
No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)
CVE-2025-57846
References
JVN : JVN#55678602
Revision History
[2025/08/27] Web page was published [2025/09/29] Vendor Information : Content was added


Date Public	2025/08/27
Date First Published	2025/08/27
Date Last Updated	2025/09/29

Improper file access permission settings in multiple i-FILTER products