CVE-2025-35978
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-06-12
Assigner: JPCERT/CC
Exploitability
| CWE ID | Description |
|---|---|
| CWE-923 | The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Fujitsu's UpdateNavi software (versions V1.4 L10 to L33) and UpdateNaviInstallService (versions 1.2.0091 to 1.2.0125). It is caused by improper restriction of communication channels to intended endpoints, allowing a local authenticated attacker to send malicious data. This can result in modification of arbitrary registry values or execution of arbitrary code on the affected system. [1, 2]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized modification of system registry values or execution of arbitrary code by a local authenticated attacker. This can compromise system integrity and availability, potentially allowing attackers to alter system behavior or disrupt operations. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying the installed versions of Update Navi and Update Navi Install Service on your system. You can check the version of Update Navi by opening the application from the Start menu and clicking "Version Information" at the bottom left of the screen. If the version is in the range V1.4 L10 to L33 for Update Navi, or 1.2.0091 to 1.2.0125 for Update Navi Install Service, the system is vulnerable. No specific network detection commands are provided. For system detection, you can use Windows PowerShell or Command Prompt to check installed software versions, for example with `Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like '*Update Navi*' } | Select-Object Name, Version` to list installed Update Navi versions. [1]
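An added example (not from this page's sources or from Fujitsu) that classifies a version string, such as the one shown under "Version Information", against the affected ranges given above, and lists matching entries from the uninstall registry keys; it reads the registry because `Win32_Product` covers only MSI-installed software and makes Windows Installer re-validate every package when queried. The function name, the sample values, and the assumption that the products appear in those keys under a display name containing "Update Navi" are illustrative.

```powershell
# Added example (not vendor code). Ranges are the affected versions stated on this page.
function Test-UpdateNaviAffected {
    param(
        [Parameter(Mandatory)][ValidateSet('UpdateNavi', 'InstallService')][string]$Product,
        [Parameter(Mandatory)][string]$Version
    )
    switch ($Product) {
        'UpdateNavi' {
            # Accepts "V1.4 L33" or "V1.4L34"; -match is case-insensitive
            if ($Version -match '^\s*V?1\.4\s*L(\d+)\s*$') {
                $level = [int]$Matches[1]
                return ($level -ge 10 -and $level -le 33)
            }
        }
        'InstallService' {
            # Accepts "1.2.0125"; the last field is compared numerically
            if ($Version -match '^\s*1\.2\.(\d+)\s*$') {
                $build = [int]$Matches[1]
                return ($build -ge 91 -and $build -le 125)
            }
        }
    }
    return $null   # other branch or unrecognised format: unknown, check by hand
}

# Constructed sample values, so the classification can be checked offline
$samples = @(
    @{ Product = 'UpdateNavi';     Version = 'V1.4 L33' },   # affected
    @{ Product = 'UpdateNavi';     Version = 'V1.4L34' },    # outside the affected range
    @{ Product = 'InstallService'; Version = '1.2.0091' },   # affected
    @{ Product = 'InstallService'; Version = '1.2.0127' }    # outside the affected range
)
foreach ($s in $samples) {
    [pscustomobject]@{
        Product  = $s.Product
        Version  = $s.Version
        Affected = Test-UpdateNaviAffected @s
    }
}

# Read-only inventory from the uninstall registry keys.
# Assumption: the display name contains "Update Navi" (pattern taken from the command above).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Update Navi*' } |
    Select-Object DisplayName, DisplayVersion
```

A `$null` result means the string did not match either expected format and should be compared by hand against the ranges above.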
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, update Update Navi to version V1.4L34 or later and Update Navi Install Service to version 1.2.0127 or later. For Update Navi, update via the Microsoft Store on Windows 10 or Windows 11 and confirm the update completion under recent updates. For Update Navi Install Service, launch Update Navi, click "Check latest information from Fujitsu" at the top, and wait for the update confirmation screen. After updating, re-verify the versions to ensure the latest patched versions are installed. Keeping the product running and connected to the Internet also allows automatic application of updates. [1, 2]