CVE-2025-54763
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-31

Last updated on: 2025-11-04

Assigner: JPCERT/CC

Description
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-31
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-10-31
EPSS Evaluated
2026-06-15
NVD
CVE-2025-54763
EUVD
EUVD-2025-37304
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
century_systems future_net_ma_s 5.0.0
century_systems future_net_ip_k 2.0.0
century_systems future_net_ma 6.4.1
century_systems future_net_ma_e300 5.0.0
century_systems future_net_ip_k 2.2.1
century_systems future_net_ma_p 5.0.0
century_systems future_net_ma 6.0.0
century_systems future_net_ma_e300 6.2.1
century_systems future_net_ma_s 6.4.0
century_systems future_net_ma_p 6.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-54763 is an OS command injection vulnerability in Century Systems' FutureNet MA and IP-K series devices. It allows an authenticated user with high privileges who logs into the product's Web UI to execute arbitrary operating system commands. This means the attacker can run any command on the underlying system, potentially compromising the device. [1]

Impact Analysis

This vulnerability can severely impact you by allowing an authenticated high-privilege user to execute arbitrary OS commands on the affected device. This can lead to full system compromise, including unauthorized access, data manipulation, disruption of services, and potential control over the device's operations, threatening system integrity and availability. [1]

Mitigation Strategies

Immediate steps to mitigate CVE-2025-54763 include updating the firmware to the latest patched versions provided by Century Systems for each affected series. If immediate updates are not possible, temporary risk reduction measures include strengthening access restrictions by configuring filters to allow communication only from trusted IP addresses and disabling the web server functionality on MA series devices. However, these interim measures do not fully eliminate the risk, and applying the firmware updates is mandatory for complete resolution. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54763. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart