Digital Arts i-フィルター products have been configured with incorrect default permissions on sensitive files within system and backup directories. As a consequence, a regular user lacking administrative privileges can create or overwrite files in these directories, which may allow the deployment of malicious code or the modification of critical files. The flaw could lead to local privilege escalation or persistence on the affected machines.

The vulnerability affects multiple products from Digital Arts Inc., including Digital Arts@Cloud Agent for Windows, i-FILTER ブラウザー＆クラウド MultiAgent for Windows, i-フィルター 10, i-フィルター 6.0, i-フィルター for ZAQ, i-フィルター for ネットカフェ, i-フィルター for プロバイダー, and i-フィルター for マルチデバイス, as well as Fujitsu Limited’s i-FILTER Browser & Cloud MultiAgent for Windows, Inventit Inc.’s MobiConnect i-FILTER Browser Option MultiAgent for Windows, and OPTiM Corporation’s Optimal Biz Web Filtering Powered by i-FILTER. The CVE does not list specific version ranges, so any released version of these products is potentially affected.

The CVSS score of 6.8 indicates moderate severity, while the EPSS score of less than 1% shows that exploitation is considered unlikely under current threat data. The flaw is not listed in the CISA KEV catalog, which means there are no publicly confirmed leveraged exploits. An attacker would need local access to a machine running one of the affected products and would exploit the improper file permissions to write malicious binaries or scripts to a system or backup directory, a step that does not require administrative credentials. Once placed, such files could be executed to gain elevated privileges or establish persistence. The overall risk is moderate, but the impact remains significant for environments where these directories contain exploitable binaries or configuration files.