Published: 2025/09/01 Last Updated: 2025/09/01
JVN#22016482
Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection
Overview
SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains an OS command injection vulnerability.
Products Affected
- SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier
Description
SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability.
- OS command injection (CWE-78)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
  - CVE-2025-54857
Impact
A remote unauthenticated attacker may execute arbitrary OS commands with root privileges.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer has released the following version, which contains a fix for this vulnerability.
- SkyBridge BASIC MB-A130 Ver.1.6.0
Vendor Status
Vendor | Link |
Seiko Solutions Inc. | SkyBridge BASIC MB-A130 vulnerability and countermeasures (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2025-54857 |
JVN iPedia | JVNDB-2025-000068 |