All the vulnerabilities related to OPEN, Inc. - BizRobo!
jvndb-2025-000026
Vulnerability from jvndb
Published
2025-04-10 15:36
Modified
2025-04-10 15:36
Summary
Multiple vulnerabilities in BizRobo!
Details
BizRobo! is RPA (Robotic Process Automation) software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application, Management Console, is provided to schedule RPA execution and to check the execution logs.
BizRobo! contains multiple vulnerabilities listed below.
- Use of hard-coded cryptographic key (CWE-321) - CVE-2025-31362
- Deserialization of untrusted data in the import function (CWE-502) - CVE-2013-7285 (https://www.cve.org/CVERecord?id=CVE-2013-7285)
- Deserialization of untrusted data in Design Studio license authorization (CWE-502) - CVE-2025-31932
Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Impacted products
| Vendor | Product |
|---|---|
| OPEN, Inc. | BizRobo! |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000026.html", "dc:date": "2025-04-10T15:36+09:00", "dcterms:issued": "2025-04-10T15:36+09:00", "dcterms:modified": "2025-04-10T15:36+09:00", "description": "BizRobo! is an RPA (Robotic Process Automation) software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application Management Console is provided to schedule RPA execution and to check the execution logs.\r\n\r\nBizRobo! contains multiple vulnerabilities listed below. \u003cul\u003e\u003cli\u003eUse of hard-coded cryptographic key (CWE-321) - CVE-2025-31362\u003c/li\u003e\u003cli\u003eDeserialization of untrusted data in the import function (CWE-502) - \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2013-7285\"\u003eCVE-2013-7285\u003c/a\u003e\u003c/li\u003e\u003cli\u003eDeserialization of untrusted data in Design Studio license authorization (CWE-502) - CVE-2025-31932\u003c/li\u003e\u003c/ul\u003e\r\nMasamu Asato of GMO Cybersecurity by Ierae, Inc. 
reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000026.html", "sec:cpe": [ { "#text": "cpe:/a:misc:open_bizrobo%21", "@product": "BizRobo!", "@vendor": "OPEN, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:misc:open_bizrobo%21", "@product": "BizRobo!", "@vendor": "OPEN, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "8.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2025-000026", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN30641875/index.html", "@id": "JVN#30641875", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-31362", "@id": "CVE-2025-31362", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-31932", "@id": "CVE-2025-31932", "@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in BizRobo!" }
cve-2025-31362
Vulnerability from cvelistv5
Published
2025-04-11 09:38
Modified
2025-04-11 14:36
Summary
A use of hard-coded cryptographic key issue exists in all versions of BizRobo!. Credentials inside robot files may be obtained if the encryption key is available.
The vendor provides workaround information and recommends applying it to the deployment environment.
Impacted products
| Vendor | Product |
|---|---|
| OPEN, Inc. | BizRobo! |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-31362", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-11T14:36:14.079306Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-11T14:36:44.148Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "BizRobo!", "vendor": "OPEN, Inc.", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment." } ], "metrics": [ { "cvssV3_0": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "Use of hard-coded cryptographic key", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-11T09:38:43.242Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145" }, { "url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289" }, { "url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305" }, { "url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271" }, { "url": "https://jvn.jp/en/jp/JVN30641875/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2025-31362", "datePublished": 
"2025-04-11T09:38:43.242Z", "dateReserved": "2025-04-02T01:34:56.875Z", "dateUpdated": "2025-04-11T14:36:44.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-31932
Vulnerability from cvelistv5
Published
2025-04-11 09:38
Modified
2025-04-11 14:34
Summary
A deserialization of untrusted data issue exists in all versions of BizRobo!. If this vulnerability is exploited, arbitrary code may be executed on the Management Console.
The vendor provides workaround information and recommends applying it to the deployment environment.
Impacted products
| Vendor | Product |
|---|---|
| OPEN, Inc. | BizRobo! |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-31932", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-11T14:34:41.494488Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-11T14:34:57.079Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "BizRobo!", "vendor": "OPEN, Inc.", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of untrusted data", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-11T09:38:50.657Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145" }, { "url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289" }, { "url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305" }, { "url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271" }, { "url": "https://jvn.jp/en/jp/JVN30641875/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2025-31932", "datePublished": 
"2025-04-11T09:38:50.657Z", "dateReserved": "2025-04-02T01:34:59.088Z", "dateUpdated": "2025-04-11T14:34:57.079Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }