CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 07 Aug 2025 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Sato
Sato cl4nx-j Plus
Sato cl4nx Plus
Sato cl6nx-j Plus
Sato cl6nx Plus
Vendors & Products Sato
Sato cl4nx-j Plus
Sato cl4nx Plus
Sato cl6nx-j Plus
Sato cl6nx Plus

Wed, 06 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 06 Aug 2025 10:00:00 +0000

Type Values Removed Values Added
Description CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege.
Weaknesses CWE-434
References
Metrics cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2025-08-06T13:26:42.242Z

Reserved: 2025-01-07T02:31:49.639Z

Link: CVE-2025-22470

cve-icon Vulnrichment

Updated: 2025-08-06T13:26:22.909Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-06T10:15:35.220

Modified: 2025-08-06T20:23:37.600

Link: CVE-2025-22470

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-06T15:12:37Z