CVE-2025-68919
Unknown Unknown - Not Provided

Unauthorized Access Vulnerability in Fujitsu ETERNUS SF Management Software

Vulnerability report for CVE-2025-68919, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: MITRE

Description

Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-07-06
AI Q&A
2025-12-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
fujitsu eternus_sf_storage_cruiser *
fujitsu eternus_sf_advancedcopy_manager *
fujitsu eternus_sf_express *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express management software versions before 16.8-16.9.1 PA 2025-12. It allows an attacker who is not the ETERNUS SF Admin to access collected maintenance data. This unauthorized access can potentially compromise the system's confidentiality, integrity, and availability. [1]

Impact Analysis

The vulnerability can impact you by allowing an attacker with limited privileges to access sensitive maintenance data, which could lead to breaches of confidentiality. Although the attacker may not fully compromise system integrity or availability, the exposure of confidential data can have serious consequences for system security and trust. [1]

Mitigation Strategies

Immediate mitigation steps include monitoring the Fsas Technologies Product Support website for software or firmware updates addressing this vulnerability and applying those updates as soon as they become available. Since remediation is in progress, ensure your affected products are currently under service and eligible for updates. Continuous monitoring and following guidance from Fsas Technologies PSIRT are recommended. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68919. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart