CVE-2025-59479
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-23
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| inaba | ib-mct001_firmware | * |
| inaba | ib-mct001 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1021 | The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-59479 is a clickjacking vulnerability in the CHOCO TEI WATCHER mini (IB-MCT001) device. It occurs because the product improperly restricts rendered UI layers or frames, allowing a malicious web page to trick a logged-in user into clicking on hidden or disguised content. This can cause unintended operations to be performed on the device without the user's knowledge. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability can cause unintended operations on the CHOCO TEI WATCHER mini device when a user clicks on malicious web content while logged in. This could lead to unauthorized actions being performed on the device, potentially disrupting its normal operation or causing security issues. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting the use of the CHOCO TEI WATCHER mini device to trusted LAN environments and limiting access from untrusted networks or hosts. If the device must be connected to the internet, employ firewalls or Virtual Private Networks (VPNs) to prevent unauthorized access and minimize the scope of internet exposure. Additionally, users should refer to the product manual for detailed configuration changes to enhance security. [1, 2]