CVE-2025-30485 MEDIUM

CVE-2025-30485

Vendor Century Systems Co., Ltd.
Product FutureNet NXR-1420
Weakness CWE-61
Published April 3, 2025
Last update April 3, 2025

CVSS base score

6.2/10
Attack vector Physical
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.

Key dates

02Disclosure timeline

April 3, 2025 CVE published
April 3, 2025 Record updated