FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.
PUBLISHED5.2CWE-552
Problem type
Affected products
Century Systems Co., Ltd.
FutureNet MA-X series
from 6.0.0 to 6.4.1 - AFFECTED
FutureNet MA-E300 series
from 5.0.0 to 6.2.1 - AFFECTED
FutureNet MA-S series
from 5.0.0 to 6.4.0 - AFFECTED
FutureNet MA-P series
from 5.0.0 to 6.4.0 - AFFECTED
FutureNet IP-K series
from 2.0.0 to 2.2.1 - AFFECTED
References
centurysys.co.jp
https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html
jvn.jp
https://jvn.jp/en/vu/JVNVU98191201/
GitHub Security Advisories
GHSA-mg9h-26fx-x4qq
FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and...
https://github.com/advisories/GHSA-mg9h-26fx-x4qqFutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.
JSON source
Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-58152",
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"dateUpdated": "2025-10-31T17:07:56.496Z",
"dateReserved": "2025-10-17T08:08:12.702Z",
"datePublished": "2025-10-31T05:55:02.996Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert",
"dateUpdated": "2025-10-31T05:55:02.996Z"
},
"descriptions": [
{
"lang": "en",
"value": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication."
}
],
"affected": [
{
"vendor": "Century Systems Co., Ltd.",
"product": "FutureNet MA-X series",
"versions": [
{
"version": "from 6.0.0 to 6.4.1",
"status": "affected"
}
]
},
{
"vendor": "Century Systems Co., Ltd.",
"product": "FutureNet MA-E300 series",
"versions": [
{
"version": "from 5.0.0 to 6.2.1",
"status": "affected"
}
]
},
{
"vendor": "Century Systems Co., Ltd.",
"product": "FutureNet MA-S series",
"versions": [
{
"version": "from 5.0.0 to 6.4.0",
"status": "affected"
}
]
},
{
"vendor": "Century Systems Co., Ltd.",
"product": "FutureNet MA-P series",
"versions": [
{
"version": "from 5.0.0 to 6.4.0",
"status": "affected"
}
]
},
{
"vendor": "Century Systems Co., Ltd.",
"product": "FutureNet IP-K series",
"versions": [
{
"version": "from 2.0.0 to 2.2.1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en-US",
"description": "Files or directories accessible to external parties",
"cweId": "CWE-552",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98191201/"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
{
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-10-31T17:07:56.496Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}