CVE-2025-35978
7.1
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fujitsu Client Computing Limited | UpdateNavi | V1.4 L10 to L33 | affected |
| Fujitsu Client Computing Limited | UpdateNaviInstallService | Service 1.2.0091 to 1.2.0125 | affected |
Weaknesses
- CWE-923: Improper restriction of communication channel to intended endpoints
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://azby.fmworld.net/support/security/information/updatenavi202506/
- https://jvn.jp/en/jp/JVN17860456/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.