{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-58152", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-10-17T08:08:12.702Z", "datePublished": "2025-10-31T05:55:02.996Z", "dateUpdated": "2025-10-31T17:07:56.496Z"}, "containers": {"cna": {"affected": [{"vendor": "Century Systems Co., Ltd.", "product": "FutureNet MA-X series", "versions": [{"version": "from 6.0.0 to 6.4.1", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet MA-E300 series", "versions": [{"version": "from 5.0.0 to 6.2.1", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet MA-S series", "versions": [{"version": "from 5.0.0 to 6.4.0", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet MA-P series", "versions": [{"version": "from 5.0.0 to 6.4.0", "status": "affected"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet IP-K series", "versions": [{"version": "from 2.0.0 to 2.2.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication."}], "problemTypes": [{"descriptions": [{"description": "Files or directories accessible to external parties", "lang": "en-US", "cweId": "CWE-552", "type": "CWE"}]}], "references": [{"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"}, {"url": "https://jvn.jp/en/vu/JVNVU98191201/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-10-31T05:55:02.996Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-31T17:07:21.751490Z", "id": "CVE-2025-58152", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T17:07:56.496Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-58152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-31T17:07:21.751490Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T17:07:33.107Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Century Systems Co., Ltd.", "product": "FutureNet MA-X series", "versions": [{"status": "affected", "version": "from 6.0.0 to 6.4.1"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet MA-E300 series", "versions": [{"status": "affected", "version": "from 5.0.0 to 6.2.1"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet MA-S series", "versions": [{"status": "affected", "version": "from 5.0.0 to 6.4.0"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet MA-P series", "versions": [{"status": "affected", "version": "from 5.0.0 to 6.4.0"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet IP-K series", "versions": [{"status": "affected", "version": "from 2.0.0 to 2.2.1"}]}], "references": [{"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"}, {"url": "https://jvn.jp/en/vu/JVNVU98191201/"}], "descriptions": [{"lang": "en", "value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-552", "description": "Files or directories accessible to external parties"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-10-31T05:55:02.996Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58152", "state": "PUBLISHED", "dateUpdated": "2025-10-31T17:07:56.496Z", "dateReserved": "2025-10-17T08:08:12.702Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2025-10-31T05:55:02.996Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication."}], "id": "CVE-2025-58152", "lastModified": "2025-10-31T06:15:34.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2025-10-31T06:15:34.150", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU98191201/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}