CVE-2025-68919
Unknown Unknown - Not Provided
Unauthorized Access Vulnerability in Fujitsu ETERNUS SF Management Software

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: MITRE

Description
Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68919
EUVD
EUVD-2025-205302
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
fujitsu eternus_sf_storage_cruiser *
fujitsu eternus_sf_advancedcopy_manager *
fujitsu eternus_sf_express *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express management software versions before 16.8-16.9.1 PA 2025-12. It allows an attacker who is not the ETERNUS SF Admin to access collected maintenance data. This unauthorized access can potentially compromise the system's confidentiality, integrity, and availability. [1]

Impact Analysis

The vulnerability can impact you by allowing an attacker with limited privileges to access sensitive maintenance data, which could lead to breaches of confidentiality. Although the attacker may not fully compromise system integrity or availability, the exposure of confidential data can have serious consequences for system security and trust. [1]

Mitigation Strategies

Immediate mitigation steps include monitoring the Fsas Technologies Product Support website for software or firmware updates addressing this vulnerability and applying those updates as soon as they become available. Since remediation is in progress, ensure your affected products are currently under service and eligible for updates. Continuous monitoring and following guidance from Fsas Technologies PSIRT are recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68919. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart