CVE-2025-54763
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: JPCERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| century_systems | future_net_ma_s | 5.0.0 |
| century_systems | future_net_ip_k | 2.0.0 |
| century_systems | future_net_ma | 6.4.1 |
| century_systems | future_net_ma_e300 | 5.0.0 |
| century_systems | future_net_ip_k | 2.2.1 |
| century_systems | future_net_ma_p | 5.0.0 |
| century_systems | future_net_ma | 6.0.0 |
| century_systems | future_net_ma_e300 | 6.2.1 |
| century_systems | future_net_ma_s | 6.4.0 |
| century_systems | future_net_ma_p | 6.4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54763 is an OS command injection vulnerability in Century Systems' FutureNet MA and IP-K series devices. It allows an authenticated user with high privileges who logs into the product's Web UI to execute arbitrary operating system commands. This means the attacker can run any command on the underlying system, potentially compromising the device. [1]
How can this vulnerability impact me?
This vulnerability can severely impact you by allowing an authenticated high-privilege user to execute arbitrary OS commands on the affected device. This can lead to full system compromise, including unauthorized access, data manipulation, disruption of services, and potential control over the device's operations, threatening system integrity and availability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate steps to mitigate CVE-2025-54763 include updating the firmware to the latest patched versions provided by Century Systems for each affected series. If immediate updates are not possible, temporary risk reduction measures include strengthening access restrictions by configuring filters to allow communication only from trusted IP addresses and disabling the web server functionality on MA series devices. However, these interim measures do not fully eliminate the risk, and applying the firmware updates is mandatory for complete resolution. [1, 2]