|
[Japanese]
|
JVNDB-2025-011884
|
FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation
|
|
Synapse Mobility provided by FUJIFILM Healthcare Americas Corporation is vulnerable to privilege escalation.
* Privilege escalation vulnerability through external control of Web parameter (CWE-472) - CVE-2025-54551
Christopher Alejandro (Moroco) reported this vulnerability to CISA ICS.
JPCERT/CC, upon request from CISA ICS, coordinated with the developer.
|
|
CVSS V3 Severity:
Base Metrics 4.3 (Medium) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
|
|
|
FUJIFILM Healthcare Americas Corporation
- Synapse Mobility version 8.0
- Synapse Mobility version 8.0.1
- Synapse Mobility version 8.0.2
- Synapse Mobility version 8.1
- Synapse Mobility version 8.1.1
|
Synapse Mobility versions 8.2x and 9.0 are not affected by this vulnerability.
|
|
By altering the parameters of the search function, a user of the product may escalate the privilege and access data that the user do not have permission to view.
|
|
[Update the Software]
Update the software to the following versions which are not affected by this vulnerability according to the information provided by the developer.
* Synapse Mobility version 9.0 or 8.2x
[Apply the patches]
The developer has provided the patches for the following versions to address this vulnerability.
* For Synapse Mobility versions 8.0 to 8.1.1
As for the details, refer to the information provided by the developer.
|
|
FUJIFILM Healthcare Americas Corporation
|
|
- External Control of Assumed-Immutable Web Parameter(CWE-472) [Other]
|
|
- CVE-2025-54551
|
|
- JVN : JVNVU#94286093
- ICS-CERT ADVISORY : ICSMA-25-233-01
|
|
- [2025/08/21]
Web page was published
- [2025/08/25]
References : Content was added
|
