JVN#17860456
UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints
Overview
UpdateNavi provided by Fujitsu Client Computing Limited contains an improper restriction of communication channel to intended endpoints vulnerability.
Products Affected
- UpdateNavi V1.4 L10 to L33
- UpdateNaviInstallService Service 1.2.0091 to 1.2.0125
Description
UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability.
- Improper restriction of communication channel to intended endpoints (CWE-923)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 6.9
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Base Score 7.1
- CVE-2025-35978
Impact
If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.
Solution
Update the application
Update the application to the latest version according to the information provided by the developer.
The application will be updated automatically when the product is running and connected to the Internet.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Fujitsu Client Computing Limited | Vulnerable | 2025/06/12 | Fujitsu Client Computing Limited website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Shu Yoshikoshi of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-35978 |
| JVN iPedia |
JVNDB-2025-000038 |