CVE-2025-35978

Summary

Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.

Affected Software

VendorProductVersion RangeStatus
Fujitsu Client Computing LimitedUpdateNaviV1.4 L10 to L33affected
Fujitsu Client Computing LimitedUpdateNaviInstallServiceService 1.2.0091 to 1.2.0125affected

Weaknesses

  • CWE-923: Improper restriction of communication channel to intended endpoints

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References