CVE-2025-62577
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-62577, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-20

Last updated on: 2025-11-03

Assigner: JPCERT/CC

Description

ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-20
Last Modified
2025-11-03
Generated
2026-07-06
AI Q&A
2025-10-20
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 11 associated CPEs
Vendor Product Version / Range
fsas_technologies eternus_sf_storage_cruiser 16.4
fsas_technologies eternus_sf_advancedcopy_manager_standard_edition 16.2
fsas_technologies eternus_sf_advancedcopy_manager_standard_edition 16.9.1
fsas_technologies eternus_sf_express 16.9.1
fsas_technologies eternus_sf_storage_cruiser 16.2
fsas_technologies eternus_sf_express 16.4
fsas_technologies eternus_sf_storage_cruiser 16.9.1
fsas_technologies eternus_sf_advancedcopy_manager_standard_edition 16.4
fsas_technologies eternus_sf_express 16.2
fsas_technologies eternus_sf_advancedcopy_manager_standard_edition 15.0
fsas_technologies eternus_sf_storage_cruiser 15.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, immediately apply the patch released by Fsas Technologies Inc. starting from October 20, 2025. Users with a Support Desk contract can download and apply the patch via the SupportDesk-Web portal. Those without a contract can obtain the patch from Fujitsu's official website under the "News & Topics" β†’ "Important Notices" section. Follow the developer's instructions carefully to remediate the incorrect default permissions vulnerability and prevent unauthorized execution of OS commands with administrator privileges. [1, 2, 3]

Impact Analysis

This vulnerability can allow a low-privileged user to escalate their privileges by obtaining database credentials and executing OS commands with administrator rights. This could lead to unauthorized administrative control over the system, compromising confidentiality, integrity, and availability of the affected system. [1, 2, 3]

Executive Summary

CVE-2025-62577 is an incorrect default permissions vulnerability in ETERNUS SF by Fsas Technologies Inc. It allows a low-privileged user with access to the management server to obtain database credentials. With these credentials, the user can potentially execute operating system commands with administrator privileges, leading to a significant security risk. [1, 2, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62577. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart