
JVNDB-2025-011884

FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation

Overview

Synapse Mobility provided by FUJIFILM Healthcare Americas Corporation is vulnerable to privilege escalation.

* Privilege escalation vulnerability through external control of Web parameter (CWE-472) - CVE-2025-54551

Christopher Alejandro (Moroco) reported this vulnerability to CISA ICS.
JPCERT/CC, upon request from CISA ICS, coordinated with the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None

Affected Products

FUJIFILM Healthcare Americas Corporation
  • Synapse Mobility version 8.0
  • Synapse Mobility version 8.0.1
  • Synapse Mobility version 8.0.2
  • Synapse Mobility version 8.1
  • Synapse Mobility version 8.1.1

Synapse Mobility versions 8.2x and 9.0 are not affected by this vulnerability.

Impact

By altering the parameters of the search function, a user of the product may escalate privileges and access data that the user does not have permission to view.

Solution

[Update the Software]
Update the software to one of the following versions, which are not affected by this vulnerability according to the information provided by the developer.

* Synapse Mobility version 9.0 or 8.2x

[Apply the patches]
The developer has provided patches for the following versions to address this vulnerability.

* For Synapse Mobility versions 8.0 to 8.1.1

For details, refer to the information provided by the developer.

Vendor Information

FUJIFILM Healthcare Americas Corporation

CWE

  1. External Control of Assumed-Immutable Web Parameter (CWE-472) [Other]

CVE

  1. CVE-2025-54551

References

  1. JVN: JVNVU#94286093

Revision History

  • [2025/08/21]
      Web page was published