Incorrect default permissions in Fsas Technologies products - CVE-2025-62577
Published: November 5, 2025
Vulnerability identifier: #VU118099
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-62577
CWE-ID: CWE-276
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Fsas Technologies
Affected software:
ETERNUS SF AdvancedCopy Manager Standard Edition for Solaris
ETERNUS SF Storage Cruiser for Solaris
ETERNUS SF AdvancedCopy Manager Standard Edition for RHEL
ETERNUS SF Express for RHEL
ETERNUS SF Storage Cruiser for RHEL
ETERNUS SF AdvancedCopy Manager Standard Edition for Windows Server
ETERNUS SF Express for Windows Server
ETERNUS SF Storage Cruiser for Windows Server
ETERNUS SF AdvancedCopy Manager Standard Edition for Solaris
ETERNUS SF Storage Cruiser for Solaris
ETERNUS SF AdvancedCopy Manager Standard Edition for RHEL
ETERNUS SF Express for RHEL
ETERNUS SF Storage Cruiser for RHEL
ETERNUS SF AdvancedCopy Manager Standard Edition for Windows Server
ETERNUS SF Express for Windows Server
ETERNUS SF Storage Cruiser for Windows Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions. A local user with access to the management server can obtain database credentials, leading to execution of OS commands with administrator privileges.
How to mitigate CVE-2025-62577
Install updates from vendor's website.