CVE-2025-49797
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-08-19
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49797 is a privilege escalation vulnerability in multiple Brother driver installers for Windows. It occurs because certain files or directories installed by these drivers are accessible to external parties, allowing an attacker to replace or manipulate these files to execute an arbitrary program with administrative privileges. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker to execute arbitrary programs with administrative privileges on the affected Windows system. This can lead to full system compromise, unauthorized changes, and potentially the installation of malicious software. For Toshiba Tec devices, it may cause loss of administrative privileges but does not cause information leakage outside the product. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should re-run the latest version of the Brother driver installer provided by the vendors to update the related system files, even if the driver is already installed. For Toshiba Tec devices affected, the main unit software should be updated by an authorized service company. As a workaround for products without available updates, operate the printer within a firewall-protected network environment and use security software to prevent execution of malicious programs. [1, 2]