CVE-2025-68919
Unauthorized Access Vulnerability in Fujitsu ETERNUS SF Management Software
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fujitsu | eternus_sf_storage_cruiser | * |
| fujitsu | eternus_sf_advancedcopy_manager | * |
| fujitsu | eternus_sf_express | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express management software versions before 16.8-16.9.1 PA 2025-12. It allows an attacker who is not the ETERNUS SF Admin to access collected maintenance data. This unauthorized access can potentially compromise the system's confidentiality, integrity, and availability. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with limited privileges to access sensitive maintenance data, which could lead to breaches of confidentiality. Although the attacker may not fully compromise system integrity or availability, the exposure of confidential data can have serious consequences for system security and trust. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include monitoring the Fsas Technologies Product Support website for software or firmware updates addressing this vulnerability and applying those updates as soon as they become available. Since remediation is in progress, ensure your affected products are currently under service and eligible for updates. Continuous monitoring and following guidance from Fsas Technologies PSIRT are recommended. [1]