[Japanese]

JVNDB-2026-001663

"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization

Overview

Remote Management Controller "iRMC S5/S6" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability.Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products

Multiple products implementing Remote Management Controller "iRMC S5/S6" are affected by the vulnerability.
As for the details of affected products, refer to the information provided by the developer.

Note that "iRMC S4" is not affected by the vulnerability.

Fsas Technologies Inc.
  • (multiple product)

Impact

A user with privileges other than "Administrator" may be able to access the Web UI or use the Redfish API beyond the intended privilege level.
Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.

[Apply the workaround]
Until the software is updated, applying the following workaround is recommended to mitigate the impact of the vulnerability.
  • Set the username for users registering with iRMC to 15 characters limit
For the details, refer to the information provided by the developer.
Vendor Information

Fsas Technologies Inc.
CWE (What is CWE?)

  1. Incorrect Authorization(CWE-863) [Other]
CVE (What is CVE?)

  1. CVE-2025-65002
References

  1. JVN : JVNVU#95177764
Revision History

  • [2026/01/23]
      Web page was published

Date Public2026/01/22
Date First Published2026/01/23
Date Last Updated2026/01/23