CVE-2025-58152

Summary

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.

Affected Software

VendorProductVersion RangeStatus
Century Systems Co., Ltd.FutureNet MA-X seriesfrom 6.0.0 to 6.4.1affected
Century Systems Co., Ltd.FutureNet MA-E300 seriesfrom 5.0.0 to 6.2.1affected
Century Systems Co., Ltd.FutureNet MA-S seriesfrom 5.0.0 to 6.4.0affected
Century Systems Co., Ltd.FutureNet MA-P seriesfrom 5.0.0 to 6.4.0affected
Century Systems Co., Ltd.FutureNet IP-K seriesfrom 2.0.0 to 2.2.1affected

Weaknesses

  • CWE-552: Files or directories accessible to external parties

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References