CVE-2025-54763
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-54763, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-31

Last updated on: 2025-11-04

Assigner: JPCERT/CC

Description

FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-31
Last Modified
2025-11-04
Generated
2026-07-06
AI Q&A
2025-10-31
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 10 associated CPEs
Vendor Product Version / Range
century_systems future_net_ma_s 5.0.0
century_systems future_net_ip_k 2.0.0
century_systems future_net_ma 6.4.1
century_systems future_net_ma_e300 5.0.0
century_systems future_net_ip_k 2.2.1
century_systems future_net_ma_p 5.0.0
century_systems future_net_ma 6.0.0
century_systems future_net_ma_e300 6.2.1
century_systems future_net_ma_s 6.4.0
century_systems future_net_ma_p 6.4.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-54763 is an OS command injection vulnerability in Century Systems' FutureNet MA and IP-K series devices. It allows an authenticated user with high privileges who logs into the product's Web UI to execute arbitrary operating system commands. This means the attacker can run any command on the underlying system, potentially compromising the device. [1]

Impact Analysis

This vulnerability can severely impact you by allowing an authenticated high-privilege user to execute arbitrary OS commands on the affected device. This can lead to full system compromise, including unauthorized access, data manipulation, disruption of services, and potential control over the device's operations, threatening system integrity and availability. [1]

Mitigation Strategies

Immediate steps to mitigate CVE-2025-54763 include updating the firmware to the latest patched versions provided by Century Systems for each affected series. If immediate updates are not possible, temporary risk reduction measures include strengthening access restrictions by configuring filters to allow communication only from trusted IP addresses and disabling the web server functionality on MA series devices. However, these interim measures do not fully eliminate the risk, and applying the firmware updates is mandatory for complete resolution. [1, 2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54763. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart