Description
UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
Published: 2025-04-03
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-9602 UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
History

Thu, 03 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 03 Apr 2025 06:45:00 +0000

Type Values Removed Values Added
Description UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
Weaknesses CWE-61
References
Metrics cvssV3_0

{'score': 6.2, 'vector': 'CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2025-04-03T13:41:26.206Z

Reserved: 2025-03-24T00:55:23.294Z

Link: CVE-2025-30485

cve-icon Vulnrichment

Updated: 2025-04-03T13:41:07.196Z

cve-icon NVD

Status : Deferred

Published: 2025-04-03T07:15:41.110

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-30485

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses