Published:2025/07/23 Last Updated:2025/07/23
JVN#21177718
Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input
Overview
Real-time Bus Tracking System provided by SYNCK GRAPHICA is vulnerable to improper validation of specified quantity in input.
Products Affected
- Real-time Bus Tracking System versions prior to 1.1
Description
Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability.
- Improper validation of specified quantity in input (CWE-1284)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Base Score 4.3
- CVE-2025-43881
Impact
A denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| SYNCK GRAPHICA | Real-time Bus Tracking System (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
n3ddih reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-43881 |
| JVN iPedia |
JVNDB-2025-000051 |