jvndb-2025-008145
Vulnerability from jvndb
Published
2025-07-08 14:08
Modified
2025-07-08 14:08
Severity
High (CVSS v3.0 base score 7.8; CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Summary
Epson Web Installer for Mac vulnerable to missing authentication for critical function
Details
Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.
Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It includes a "helper tool", which it launches partway through execution.
The "helper tool" contains the following vulnerability:
- Missing authentication for critical function (CWE-306) - CVE-2025-4960
  - This is exploitable only while the "helper tool" is running.
Carlos Garrido of Pentraze Cybersecurity reported this vulnerability to SEIKO EPSON CORPORATION and coordinated with them. After the coordination was completed, SEIKO EPSON CORPORATION reported the case to JPCERT/CC to notify users of the solution through JVN.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU93543156/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-4960 |
| Missing Authentication for Critical Function (CWE-306) | https://cwe.mitre.org/data/definitions/306.html |
Impacted products
| Vendor | Product |
|---|---|
| SEIKO EPSON CORPORATION | (Multiple Products) |
{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
  "dc:date": "2025-07-08T14:08+09:00",
  "dcterms:issued": "2025-07-08T14:08+09:00",
  "dcterms:modified": "2025-07-08T14:08+09:00",
  "description": "Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.\r\nEpson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON\u0027s products. It contains \"helper tool\" and launches it in the middle of the execution.\r\n\r\n\"helper tool\" contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2025-4960\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eThis is exploitable only while \"helper tool\" is running.\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\nCarlos Garrido of Pentraze Cybersecurity reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. After the coordination was completed, SEIKO EPSON CORPORATION reported the case to JPCERT/CC to notify users of the solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
  "sec:cpe": {
    "#text": "cpe:/a:epson:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "SEIKO EPSON CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-008145",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93543156/index.html",
      "@id": "JVNVU#93543156",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-4960",
      "@id": "CVE-2025-4960",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/306.html",
      "@id": "CWE-306",
      "@title": "Missing Authentication for Critical Function(CWE-306)"
    }
  ],
  "title": "Epson Web Installer for Mac vulnerable to missing authentication for critical function"
}