CVE-2025-30485

Summary

UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.

Affected Software

VendorProductVersion RangeStatus
Century Systems Co., Ltd.FutureNet NXR-1420firmware version 31.0.1 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-1300 seriesfirmware version 7.4.12 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-650firmware version 21.16.5 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-610X seriesfirmware version 21.14.11D and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-530firmware version 21.11.15 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-350/Cfirmware version 5.30.9C and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-230/Cfirmware version 5.30.13 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-160/LWfirmware version 21.8.4 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G540 seriesfirmware version 21.17.0affected
Century Systems Co., Ltd.FutureNet NXR-G260 seriesfirmware version 9.12.17 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G240 seriesfirmware version 9.12.17 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G180/L-CAfirmware version 21.7.33 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G120 seriesfirmware version 21.15.2C1 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G110 seriesfirmware version 21.15.10 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G100 seriesfirmware version 6.23.11 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G060 seriesfirmware version 21.15.6C2 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-G050 seriesfirmware version 21.12.11 and earlieraffected
Century Systems Co., Ltd.FutureNet VXR-x64firmware version 21.7.33 and earlieraffected
Century Systems Co., Ltd.FutureNet VXR-x86firmware version 10.1.5 and earlieraffected
Century Systems Co., Ltd.FutureNet NXR-1200N/Aaffected
Century Systems Co., Ltd.FutureNet NXR-130/CN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-155/C-LN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-155/C-XWN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-155/C-WMN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-125/CXN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-120/CN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-G100/SLWN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-G100/SLN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-G100/SN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-G100/NN/Aaffected
Century Systems Co., Ltd.FutureNet NXR-G100/FN/Aaffected
Century Systems Co., Ltd.FutureNet WXR-250N/Aaffected

Weaknesses

  • CWE-61: UNIX symbolic link (Symlink) following

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References