All the vulnerabilites related to Keiyo System Co., LTD - PC Time Tracer
cve-2025-46355
Vulnerability from cvelistv5
Published
2025-06-03 08:09
Modified
2025-06-03 13:54
Severity ?
7.3 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.0 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Keiyo System Co., LTD | PC Time Tracer |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T13:54:27.240391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:54:42.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PC Time Tracer",
"vendor": "Keiyo System Co., LTD",
"versions": [
{
"status": "affected",
"version": "prior to 5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T08:09:47.909Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.keiyo-system.co.jp/archives/11305"
},
{
"url": "https://jvn.jp/en/jp/JVN05562338/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-46355",
"datePublished": "2025-06-03T08:09:47.909Z",
"dateReserved": "2025-05-28T02:51:59.281Z",
"dateUpdated": "2025-06-03T13:54:42.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2025-000035
Vulnerability from jvndb
Published
2025-06-03 14:40
Modified
2025-06-03 14:40
Severity ?
Summary
Improper file access permission settings in PC Time Tracer
Details
PC Time Tracer provided by Keiyo System Co., LTD contains a vulnerability listed below.
<ul><li>Incorrect default permissions (CWE-276) - CVE-2025-46355</li></ul>
Ruslan Sayfiev and Masahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN05562338/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-46355 | |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Keiyo System Co., LTD | PC Time Tracer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000035.html",
"dc:date": "2025-06-03T14:40+09:00",
"dcterms:issued": "2025-06-03T14:40+09:00",
"dcterms:modified": "2025-06-03T14:40+09:00",
"description": "PC Time Tracer provided by Keiyo System Co., LTD contains a vulnerability listed below.\r\n\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2025-46355\u003c/li\u003e\u003c/ul\u003e\r\n\r\nRuslan Sayfiev and Masahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000035.html",
"sec:cpe": {
"#text": "cpe:/a:misc:keiyo_system_pc_time_tracer",
"@product": "PC Time Tracer",
"@vendor": "Keiyo System Co., LTD",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000035",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN05562338/index.html",
"@id": "JVN#05562338",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-46355",
"@id": "CVE-2025-46355",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper file access permission settings in PC Time Tracer"
}