CVE-2025-62577
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-20

Last updated on: 2025-11-03

Assigner: JPCERT/CC

Description
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-20
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-10-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62577
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
fsas_technologies eternus_sf_storage_cruiser 16.4
fsas_technologies eternus_sf_advancedcopy_manager_standard_edition 16.2
fsas_technologies eternus_sf_advancedcopy_manager_standard_edition 16.9.1
fsas_technologies eternus_sf_express 16.9.1
fsas_technologies eternus_sf_storage_cruiser 16.2
fsas_technologies eternus_sf_express 16.4
fsas_technologies eternus_sf_storage_cruiser 16.9.1
fsas_technologies eternus_sf_advancedcopy_manager_standard_edition 16.4
fsas_technologies eternus_sf_express 16.2
fsas_technologies eternus_sf_advancedcopy_manager_standard_edition 15.0
fsas_technologies eternus_sf_storage_cruiser 15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can allow a low-privileged user to escalate their privileges by obtaining database credentials and executing OS commands with administrator rights. This could lead to unauthorized administrative control over the system, compromising confidentiality, integrity, and availability of the affected system. [1, 2, 3]

Executive Summary

CVE-2025-62577 is an incorrect default permissions vulnerability in ETERNUS SF by Fsas Technologies Inc. It allows a low-privileged user with access to the management server to obtain database credentials. With these credentials, the user can potentially execute operating system commands with administrator privileges, leading to a significant security risk. [1, 2, 3]

Mitigation Strategies

To mitigate this vulnerability, immediately apply the patch released by Fsas Technologies Inc. starting from October 20, 2025. Users with a Support Desk contract can download and apply the patch via the SupportDesk-Web portal. Those without a contract can obtain the patch from Fujitsu's official website under the "News & Topics" β†’ "Important Notices" section. Follow the developer's instructions carefully to remediate the incorrect default permissions vulnerability and prevent unauthorized execution of OS commands with administrator privileges. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62577. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart