CVE-2025-35978 HIGH

CVE-2025-35978

Vendor Fujitsu Client Computing Limited
Product UpdateNavi
Weakness CWE-923
Published June 12, 2025
Last update June 12, 2025

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.

Key dates

02Disclosure timeline

June 12, 2025 CVE published
June 12, 2025 Record updated