Vulnerabilites related to JIP InfoBridge Co., Ltd. - FileMegane
cve-2025-25055
Vulnerability from cvelistv5
Published
2025-02-17 23:56
Modified
2025-02-18 15:42
Severity ?
EPSS score ?
Summary
Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JIP InfoBridge Co., Ltd. | FileMegane |
Version: Versions above 1.0.0.0 prior to 3.4.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:42:24.377076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:42:32.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileMegane",
"vendor": "JIP InfoBridge Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Versions above 1.0.0.0 prior to 3.4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "Authentication Bypass by Spoofing",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T23:56:51.567Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.info-brdg.co.jp/support/report/megane/sec20250201.html"
},
{
"url": "https://jvn.jp/en/jp/JVN80527854/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25055",
"datePublished": "2025-02-17T23:56:51.567Z",
"dateReserved": "2025-02-03T08:50:27.677Z",
"dateUpdated": "2025-02-18T15:42:32.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-20075
Vulnerability from cvelistv5
Published
2025-02-17 23:57
Modified
2025-02-18 15:42
Severity ?
EPSS score ?
Summary
Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend Web API requests could potentially lead to rebooting the services.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JIP InfoBridge Co., Ltd. | FileMegane |
Version: Versions above 3.0.0.0 prior to 3.4.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:41:45.635584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:42:10.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileMegane",
"vendor": "JIP InfoBridge Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Versions above 3.0.0.0 prior to 3.4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend Web API requests could potentially lead to rebooting the services."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-side request forgery (SSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T23:57:07.153Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.info-brdg.co.jp/support/report/megane/sec20250201.html"
},
{
"url": "https://jvn.jp/en/jp/JVN80527854/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-20075",
"datePublished": "2025-02-17T23:57:07.153Z",
"dateReserved": "2025-02-03T08:50:24.827Z",
"dateUpdated": "2025-02-18T15:42:10.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2025-000011
Vulnerability from jvndb
Published
2025-02-13 13:39
Modified
2025-02-13 13:39
Severity ?
Summary
Multiple vulnerabilities in FileMegane
Details
FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below.
<ul>
<li>Server-Side Request Forgery (SSRF) (CWE-918) - CVE-2025-20075</li>
<li>Authentication Bypass by Spoofing (CWE-290) - CVE-2025-25055</li>
</ul>
Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| JIP InfoBridge Co., Ltd. | FileMegane |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000011.html",
"dc:date": "2025-02-13T13:39+09:00",
"dcterms:issued": "2025-02-13T13:39+09:00",
"dcterms:modified": "2025-02-13T13:39+09:00",
"description": "FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eServer-Side Request Forgery (SSRF) (CWE-918) - CVE-2025-20075\u003c/li\u003e\r\n\u003cli\u003eAuthentication Bypass by Spoofing (CWE-290) - CVE-2025-25055\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nMasamu Asato of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000011.html",
"sec:cpe": {
"#text": "cpe:/a:misc:jip_infobridge_filemegane",
"@product": "FileMegane",
"@vendor": "JIP InfoBridge Co., Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000011",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN80527854/index.html",
"@id": "JVN#80527854",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-20075",
"@id": "CVE-2025-20075",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-25055",
"@id": "CVE-2025-25055",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in FileMegane"
}