#VU118099 Incorrect default permissions in Fsas Technologies products - CVE-2025-62577
Published: November 5, 2025
Vulnerability identifier: #VU118099
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-62577
CWE-ID: CWE-276
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
ETERNUS SF AdvancedCopy Manager Standard Edition for Solaris
ETERNUS SF Storage Cruiser for Solaris
ETERNUS SF AdvancedCopy Manager Standard Edition for RHEL
ETERNUS SF Express for RHEL
ETERNUS SF Storage Cruiser for RHEL
ETERNUS SF AdvancedCopy Manager Standard Edition for Windows Server
ETERNUS SF Express for Windows Server
ETERNUS SF Storage Cruiser for Windows Server
ETERNUS SF AdvancedCopy Manager Standard Edition for Solaris
ETERNUS SF Storage Cruiser for Solaris
ETERNUS SF AdvancedCopy Manager Standard Edition for RHEL
ETERNUS SF Express for RHEL
ETERNUS SF Storage Cruiser for RHEL
ETERNUS SF AdvancedCopy Manager Standard Edition for Windows Server
ETERNUS SF Express for Windows Server
ETERNUS SF Storage Cruiser for Windows Server
Software vendor:
Fsas Technologies
Fsas Technologies
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions. A local user with access to the management server can obtain database credentials, leading to execution of OS commands with administrator privileges.
Remediation
Install updates from vendor's website.