CVE-2025-30485 - Vulnerability Details - OpenCVE

UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00077.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-9602	UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU92821536/
https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html

History

Thu, 03 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 03 Apr 2025 06:45:00 +0000

Type	Values Removed	Values Added
Description		UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
Weaknesses		CWE-61
References		https://jvn.jp/en/vu/JVNVU92821536/ https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html
Metrics		cvssV3_0 `{'score': 6.2, 'vector': 'CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2025-04-03T06:18:36.311Z

Updated: 2025-04-03T13:41:26.206Z

Reserved: 2025-03-24T00:55:23.294Z

Link: CVE-2025-30485

Vulnrichment

Updated: 2025-04-03T13:41:07.196Z

NVD

Status : Awaiting Analysis

Published: 2025-04-03T07:15:41.110

Modified: 2025-04-07T14:18:34.453

Link: CVE-2025-30485

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-30485", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-03-24T00:55:23.294Z", "datePublished": "2025-04-03T06:18:36.311Z", "dateUpdated": "2025-04-03T13:41:26.206Z"}, "containers": {"cna": {"affected": [{"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1420", "versions": [{"version": "firmware version 31.0.1 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1300 series", "versions": [{"version": "firmware version 7.4.12 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-650", "versions": [{"version": "firmware version 21.16.5 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-610X series", "versions": [{"version": "firmware version 21.14.11D and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-530", "versions": [{"version": "firmware version 21.11.15 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-350/C", "versions": [{"version": "firmware version 5.30.9C and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-230/C", "versions": [{"version": "firmware version 5.30.13 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-160/LW", "versions": [{"version": "firmware version 21.8.4 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G540 series", "versions": [{"version": "firmware version 21.17.0", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G260 series", "versions": [{"version": "firmware version 9.12.17 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G240 series", "versions": [{"version": "firmware version 9.12.17 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G180/L-CA", "versions": [{"version": "firmware version 21.7.33 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G120 series", "versions": [{"version": "firmware version 21.15.2C1 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G110 series", "versions": [{"version": "firmware version 21.15.10 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100 series", "versions": [{"version": "firmware version 6.23.11 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G060 series", "versions": [{"version": "firmware version 21.15.6C2 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G050 series", "versions": [{"version": "firmware version 21.12.11 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet VXR-x64", "versions": [{"version": "firmware version 21.7.33 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet VXR-x86", "versions": [{"version": "firmware version 10.1.5 and earlier", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1200", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-130/C", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-155/C-L", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-155/C-XW", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-155/C-WM", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-125/CX", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-120/C", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/SLW", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/SL", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/S", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/N", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/F", "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet WXR-250", "versions": [{"version": "N/A", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files."}], "problemTypes": [{"descriptions": [{"description": "UNIX symbolic link (Symlink) following", "lang": "en-US", "cweId": "CWE-61", "type": "CWE"}]}], "references": [{"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html"}, {"url": "https://jvn.jp/en/vu/JVNVU92821536/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 6.2, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-04-03T06:18:36.311Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-03T13:39:37.971930Z", "id": "CVE-2025-30485", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T13:41:26.206Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30485", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-03T13:39:37.971930Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-03T13:41:07.196Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1420", "versions": [{"status": "affected", "version": "firmware version 31.0.1 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1300 series", "versions": [{"status": "affected", "version": "firmware version 7.4.12 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-650", "versions": [{"status": "affected", "version": "firmware version 21.16.5 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-610X series", "versions": [{"status": "affected", "version": "firmware version 21.14.11D and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-530", "versions": [{"status": "affected", "version": "firmware version 21.11.15 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-350/C", "versions": [{"status": "affected", "version": "firmware version 5.30.9C and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-230/C", "versions": [{"status": "affected", "version": "firmware version 5.30.13 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-160/LW", "versions": [{"status": "affected", "version": "firmware version 21.8.4 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G540 series", "versions": [{"status": "affected", "version": "firmware version 21.17.0"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G260 series", "versions": [{"status": "affected", "version": "firmware version 9.12.17 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G240 series", "versions": [{"status": "affected", "version": "firmware version 9.12.17 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G180/L-CA", "versions": [{"status": "affected", "version": "firmware version 21.7.33 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G120 series", "versions": [{"status": "affected", "version": "firmware version 21.15.2C1 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G110 series", "versions": [{"status": "affected", "version": "firmware version 21.15.10 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100 series", "versions": [{"status": "affected", "version": "firmware version 6.23.11 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G060 series", "versions": [{"status": "affected", "version": "firmware version 21.15.6C2 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G050 series", "versions": [{"status": "affected", "version": "firmware version 21.12.11 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet VXR-x64", "versions": [{"status": "affected", "version": "firmware version 21.7.33 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet VXR-x86", "versions": [{"status": "affected", "version": "firmware version 10.1.5 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-1200", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-130/C", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-155/C-L", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-155/C-XW", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-155/C-WM", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-125/CX", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-120/C", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/SLW", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/SL", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/S", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/N", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet NXR-G100/F", "versions": [{"status": "affected", "version": "N/A"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet WXR-250", "versions": [{"status": "affected", "version": "N/A"}]}], "references": [{"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html"}, {"url": "https://jvn.jp/en/vu/JVNVU92821536/"}], "descriptions": [{"lang": "en", "value": "UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-61", "description": "UNIX symbolic link (Symlink) following"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-04-03T06:18:36.311Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30485", "state": "PUBLISHED", "dateUpdated": "2025-04-03T13:41:26.206Z", "dateReserved": "2025-03-24T00:55:23.294Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2025-04-03T06:18:36.311Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}