CVE-2025-30485

medium

Description

UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.

References

https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html

https://jvn.jp/en/vu/JVNVU92821536/

Details

Source: Mitre, NVD

Published: 2025-04-03

Updated: 2025-04-07

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.2

Vector: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H