CVE-2025-62577
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-11-03
Assigner: JPCERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fsas_technologies | eternus_sf_storage_cruiser | 16.4 |
| fsas_technologies | eternus_sf_advancedcopy_manager_standard_edition | 16.2 |
| fsas_technologies | eternus_sf_advancedcopy_manager_standard_edition | 16.9.1 |
| fsas_technologies | eternus_sf_express | 16.9.1 |
| fsas_technologies | eternus_sf_storage_cruiser | 16.2 |
| fsas_technologies | eternus_sf_express | 16.4 |
| fsas_technologies | eternus_sf_storage_cruiser | 16.9.1 |
| fsas_technologies | eternus_sf_advancedcopy_manager_standard_edition | 16.4 |
| fsas_technologies | eternus_sf_express | 16.2 |
| fsas_technologies | eternus_sf_advancedcopy_manager_standard_edition | 15.0 |
| fsas_technologies | eternus_sf_storage_cruiser | 15.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-62577 is an incorrect default permissions vulnerability in ETERNUS SF by Fsas Technologies Inc. It allows a low-privileged user with access to the management server to obtain database credentials. With these credentials, the user can potentially execute operating system commands with administrator privileges, leading to a significant security risk. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can allow a low-privileged user to escalate their privileges by obtaining database credentials and executing OS commands with administrator rights. This could lead to unauthorized administrative control over the system, compromising confidentiality, integrity, and availability of the affected system. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately apply the patch released by Fsas Technologies Inc. starting from October 20, 2025. Users with a Support Desk contract can download and apply the patch via the SupportDesk-Web portal. Those without a contract can obtain the patch from Fujitsu's official website under the "News & Topics" → "Important Notices" section. Follow the developer's instructions carefully to remediate the incorrect default permissions vulnerability and prevent unauthorized execution of OS commands with administrator privileges. [1, 2, 3]