
JVNDB-2025-007521

Multiple Brother driver installers for Windows vulnerable to privilege escalation

Overview

Multiple Brother driver installers for Windows contain the following vulnerability.

* Files or directories accessible to external parties (CWE-552) - CVE-2025-49797

Julian Horoszkiewicz of Eviden reported this vulnerability to the developer.
JPCERT/CC coordinated between the reporter and the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics 7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


(Multiple Vendors)
  • (Multiple Products)

A wide range of products are affected.
For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors in [Vendor Status].
Impact

An arbitrary program may be executed with administrative privileges.

Solution

[Re-run the installer]
Execute the latest version of the installer according to the information provided by the respective vendors in [Vendor Status].
You need to run the installer again even if the driver has already been installed, because the related files installed on the system need to be updated.
Vendor Information

  • Brother Industries
  • TOSHIBA TEC

CWE

  1. Files or Directories Accessible to External Parties (CWE-552) [Other]

CVE

  1. CVE-2025-49797
References

  1. JVN : JVNVU#91819309
Revision History

  • [2025/06/27]
      Web page was published