CVE-2025-30485

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-30485

6.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 0.3 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

U

NIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.

References
Link Resource
https://jvn.jp/en/vu/JVNVU92821536/
https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html
Configurations

No configuration.

History

07 Apr 2025, 14:18

Type Values Removed Values Added
Summary
  • (es) El siguiente problema de enlace simbólico UNIX (Symlink) existe en los routers FutureNet de las series NXR, VXR y WXR. Al conectar al producto afectado un dispositivo de almacenamiento externo que contenga archivos de enlace simbólico maliciosos, un usuario administrador con sesión iniciada podría obtener o destruir archivos internos.

03 Apr 2025, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-03 07:15

Updated : 2025-04-07 14:18

NVD link : CVE-2025-30485

Mitre link : CVE-2025-30485

CVE.ORG link : CVE-2025-30485

JSON object : View

Products Affected

No product.

CWE
CWE-61

UNIX Symbolic Link (Symlink) Following