CVE-2025-62577
8.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fsas Technologies Inc. | ETERNUS SF AdvancedCopy Manager Standard Edition (for Solaris 10/ 11) | 15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1 | affected |
| Fsas Technologies Inc. | ETERNUS SF Storage Cruiser (for Solaris 10/ 11) | 15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1 | affected |
| Fsas Technologies Inc. | ETERNUS SF AdvancedCopy Manager Standard Edition (for RHEL 7/ 8/ 9) | 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1 | affected |
| Fsas Technologies Inc. | ETERNUS SF Expressn (for RHEL 7/ 8/ 9) | 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1 | affected |
| Fsas Technologies Inc. | ETERNUS SF Storage Cruisern (for RHEL 7/ 8/ 9) | 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1 | affected |
| Fsas Technologies Inc. | ETERNUS SF AdvancedCopy Manager Standard Edition (for Windows Server 2016/ 2019/ 2022) | 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1 | affected |
| Fsas Technologies Inc. | ETERNUS SF Express (for Windows Server 2016/ 2019/ 2022) | 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1 | affected |
| Fsas Technologies Inc. | ETERNUS SF Storage Cruiser (for Windows Server 2016/ 2019/ 2022) | 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1 | affected |
Weaknesses
- CWE-276: Incorrect default permissions
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
- https://www.fujitsu.com/global/support/products/computing/storage/20251020/index.html
- https://www.fsastech.com/ja-jp/resources/security/2025/1020.html
- https://jvn.jp/en/jp/JVN44266462/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.