CVE-2025-65002
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-14

Assigner: MITRE

Description
Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters.
Meta Information
Published: 2025-11-12
Last Modified: 2025-11-14
Generated: 2026-05-27
AI Q&A: 2025-11-13
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
fujitsu primerge_cx2550_m4 *
fujitsu primerge_cx2550_m5 *
fujitsu celcius_c780 *
fujitsu primerge_cx2560_m4 *
fujitsu irmc_s6 *
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-65002 is a vulnerability in Fujitsu iRMC S6 on M5 devices before version 1.37S where the system mishandles Redfish/WebUI access if the username length is exactly 16 characters. This flaw affects certain Fujitsu products including workstation and server models that use the vulnerable iRMC firmware, potentially compromising system confidentiality, integrity, and availability. [1]


How can this vulnerability impact me?

This vulnerability can impact you by compromising the confidentiality, integrity, and availability of affected systems. An attacker exploiting this flaw could potentially gain unauthorized access or disrupt system operations on vulnerable Fujitsu devices, leading to significant security risks. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying the available software or firmware updates to affected Fujitsu iRMC S6 systems running a version before 1.37S. Ensure that your affected devices, such as CELSIUS C780 series workstations and PRIMERGY CX2550 M4, CX2560 M4, and CX2550 M5 servers, are updated with the latest iRMC firmware to remediate the vulnerability. Follow the remediation instructions provided by Fsas Technologies PSIRT and monitor their Product Support website for updates and further guidance. [1]

