cvelistv5 - cve-2025-25280

cve-2025-25280

Vulnerability from cvelistv5

Published

2025-03-03 08:25

Modified

2025-03-03 14:53

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.

References

▼	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU96398949/
	vultures@jpcert.or.jp	https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html

Impacted products

▼	Vendor	Product
	Century Systems Co., Ltd.	FutureNet AS-250/S
	Century Systems Co., Ltd.	FutureNet AS-250/F-SC
	Century Systems Co., Ltd.	FutureNet AS-250/F-KO
	Century Systems Co., Ltd.	FutureNet AS-250/NL
	Century Systems Co., Ltd.	FutureNet AS-250/KL
	Century Systems Co., Ltd.	FutureNet AS-250/KL Rev2
	Century Systems Co., Ltd.	FutureNet AS-250/L
	Century Systems Co., Ltd.	FutureNet AS-M250/L
	Century Systems Co., Ltd.	FutureNet AS-M250/KL
	Century Systems Co., Ltd.	FutureNet AS-M250/NL
	Century Systems Co., Ltd.	FutureNet AS-P250/NL
	Century Systems Co., Ltd.	FutureNet AS-P250/KL
	Century Systems Co., Ltd.	FutureNet AS-210/U4
	Century Systems Co., Ltd.	FutureNet FA-210
	Century Systems Co., Ltd.	FutureNet FA-215

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25280",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-03T14:52:46.483841Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-03T14:53:08.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FutureNet AS-250/S",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 1.14.0 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-250/F-SC",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 1.14.0 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-250/F-KO",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 1.14.0 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-250/NL",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 1.14.0 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-250/KL",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 1.14.0 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-250/KL Rev2",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 2.6.6 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-250/L",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 2.6.6 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-M250/L",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 3.0.0 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-M250/KL",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 3.0.0 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-M250/NL",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 3.0.0 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-P250/NL",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 2.6.6 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-P250/KL",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 2.6.6 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet AS-210/U4",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 2.6.6 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet FA-210",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 1.1.9 and earlier"
            }
          ]
        },
        {
          "product": "FutureNet FA-215",
          "vendor": "Century Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 1.0.1 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-03T08:25:16.938Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU96398949/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-25280",
    "datePublished": "2025-03-03T08:25:16.938Z",
    "dateReserved": "2025-02-17T04:46:45.646Z",
    "dateUpdated": "2025-03-03T14:53:08.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-25280\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2025-03-03T09:15:39.990\",\"lastModified\":\"2025-03-03T09:15:39.990\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU96398949/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html\",\"source\":\"vultures@jpcert.or.jp\"}]}}"
  }
}

ghsa-vr9j-f779-6jqx

Vulnerability from github

Published

2025-03-03 09:30

Modified

2025-03-03 09:30

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-25280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-03T09:15:39Z",
    "severity": "MODERATE"
  },
  "details": "Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.",
  "id": "GHSA-vr9j-f779-6jqx",
  "modified": "2025-03-03T09:30:36Z",
  "published": "2025-03-03T09:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25280"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU96398949"
    },
    {
      "type": "WEB",
      "url": "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

cve-2025-25280

Vulnerability from jvndb

Published

2025-03-04 14:56

Modified

2025-03-04 14:56

Severity ?

7.5 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)

Details

FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. * Authentication Bypass (CWE-288) - CVE-2025-24846 * Buffer Overflow (CWE-120) - CVE-2025-25280 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU96398949/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2025-24846
	CVE	https://www.cve.org/CVERecord?id=CVE-2025-25280
	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)	https://cwe.mitre.org/data/definitions/120.html
	Authentication Bypass Using an Alternate Path or Channel(CWE-288)	https://cwe.mitre.org/data/definitions/288.html

Impacted products

▼	Vendor	Product
	Century Systems Co., Ltd.	FutureNet AS-210/U4 firmware
	Century Systems Co., Ltd.	FutureNet AS-250/F-KO firmware
	Century Systems Co., Ltd.	FutureNet AS-250/F-SC firmware
	Century Systems Co., Ltd.	FutureNet AS-250/KL firmware
	Century Systems Co., Ltd.	FutureNet AS-250/KL Rev2 firmware
	Century Systems Co., Ltd.	FutureNet AS-250/L firmware
	Century Systems Co., Ltd.	FutureNet AS-250/NL firmware
	Century Systems Co., Ltd.	FutureNet AS-250/S firmware
	Century Systems Co., Ltd.	FutureNet AS-M250/KL firmware
	Century Systems Co., Ltd.	FutureNet AS-M250/L firmware
	Century Systems Co., Ltd.	FutureNet AS-M250/NL firmware
	Century Systems Co., Ltd.	FutureNet AS-P250/KL firmware
	Century Systems Co., Ltd.	FutureNet AS-P250/NL firmware
	Century Systems Co., Ltd.	FutureNet FA-210 firmware
	Century Systems Co., Ltd.	FutureNet FA-215 firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001898.html",
  "dc:date": "2025-03-04T14:56+09:00",
  "dcterms:issued": "2025-03-04T14:56+09:00",
  "dcterms:modified": "2025-03-04T14:56+09:00",
  "description": "FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below.\r\n\r\n  * Authentication Bypass (CWE-288) - CVE-2025-24846\r\n  * Buffer Overflow (CWE-120) - CVE-2025-25280\r\n\r\nChuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001898.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:centurysys:futurenet_as-210/u4_firmware",
      "@product": "FutureNet AS-210/U4 firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-250/f-ko_firmware",
      "@product": "FutureNet AS-250/F-KO firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-250/f-sc_firmware",
      "@product": "FutureNet AS-250/F-SC firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-250/kl_firmware",
      "@product": "FutureNet AS-250/KL firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-250/kl_rev2_firmware",
      "@product": "FutureNet AS-250/KL Rev2 firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-250/l_firmware",
      "@product": "FutureNet AS-250/L firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-250/nl_firmware",
      "@product": "FutureNet AS-250/NL firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-250/s_firmware",
      "@product": "FutureNet AS-250/S firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-m250/kl_firmware",
      "@product": "FutureNet AS-M250/KL firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-m250/l_firmware",
      "@product": "FutureNet AS-M250/L firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-m250/nl_firmware",
      "@product": "FutureNet AS-M250/NL firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-p250/kl_firmware",
      "@product": "FutureNet AS-P250/KL firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_as-p250/nl_firmware",
      "@product": "FutureNet AS-P250/NL firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_fa-210_firmware",
      "@product": "FutureNet FA-210 firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:centurysys:futurenet_fa-215_firmware",
      "@product": "FutureNet FA-215 firmware",
      "@vendor": "Century Systems Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.5",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-001898",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96398949/index.html",
      "@id": "JVNVU#96398949",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24846",
      "@id": "CVE-2025-24846",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25280",
      "@id": "CVE-2025-25280",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/288.html",
      "@id": "CWE-288",
      "@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
    }
  ],
  "title": "Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)"
}

Action not permitted

cve-2025-25280

Vulnerability from cvelistv5

ghsa-vr9j-f779-6jqx

Vulnerability from github

cve-2025-25280

Vulnerability from jvndb

Tags