CVE-2025-62577

high

Description

ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.

References

https://www.fujitsu.com/global/support/products/computing/storage/20251020/index.html

https://www.fsastech.com/ja-jp/resources/security/2025/1020.html

https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-STR-2025-102005-Security-Notice.pdf

https://jvn.jp/en/jp/JVN44266462/

Details

Source: Mitre, NVD

Published: 2025-10-20

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.4

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Severity: High

EPSS

EPSS: 0.0001