CVE-2025-62577

Summary

ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.

Affected Software

VendorProductVersion RangeStatus
Fsas Technologies Inc.ETERNUS SF AdvancedCopy Manager Standard Edition (for Solaris 10/ 11)15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1affected
Fsas Technologies Inc.ETERNUS SF Storage Cruiser (for Solaris 10/ 11)15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1affected
Fsas Technologies Inc.ETERNUS SF AdvancedCopy Manager Standard Edition (for RHEL 7/ 8/ 9)16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1affected
Fsas Technologies Inc.ETERNUS SF Expressn (for RHEL 7/ 8/ 9)16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1affected
Fsas Technologies Inc.ETERNUS SF Storage Cruisern (for RHEL 7/ 8/ 9)16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1affected
Fsas Technologies Inc.ETERNUS SF AdvancedCopy Manager Standard Edition (for Windows Server 2016/ 2019/ 2022)16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1affected
Fsas Technologies Inc.ETERNUS SF Express (for Windows Server 2016/ 2019/ 2022)16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1affected
Fsas Technologies Inc.ETERNUS SF Storage Cruiser (for Windows Server 2016/ 2019/ 2022)16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1affected

Weaknesses

  • CWE-276: Incorrect default permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References