CVE-2025-59479
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-23

Assigner: JPCERT/CC

Description
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59479
EUVD
EUVD-2025-203503
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
inaba ib-mct001_firmware *
inaba ib-mct001 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1021 The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-59479 is a clickjacking vulnerability in the CHOCO TEI WATCHER mini (IB-MCT001) device. It occurs because the product improperly restricts rendered UI layers or frames, allowing a malicious web page to trick a logged-in user into clicking on hidden or disguised content. This can cause unintended operations to be performed on the device without the user's knowledge. [1, 2]

Impact Analysis

If exploited, this vulnerability can cause unintended operations on the CHOCO TEI WATCHER mini device when a user clicks on malicious web content while logged in. This could lead to unauthorized actions being performed on the device, potentially disrupting its normal operation or causing security issues. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting the use of the CHOCO TEI WATCHER mini device to trusted LAN environments and limiting access from untrusted networks or hosts. If the device must be connected to the internet, employ firewalls or Virtual Private Networks (VPNs) to prevent unauthorized access and minimize the scope of internet exposure. Additionally, users should refer to the product manual for detailed configuration changes to enhance security. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59479. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart