JVN#39636188
Multiple vulnerabilities in Mubit Powered BLUE 870
Overview
Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities.
Products Affected
- Powered BLUE 870 versions 0.20130927 and prior
Description
Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities listed below.
- OS command injection (CWE-78)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 5.3
  - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Base Score 6.3
  - CVE-2025-54958
- Path traversal (CWE-22)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.3
  - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 4.3
  - CVE-2025-54959
Impact
- Arbitrary OS commands may be executed on the affected product by an authenticated user (CVE-2025-54958)
- An arbitrary file in the affected product may be accessed by an authenticated user (CVE-2025-54959)
Solution
Stop using the product and switch to an alternative product
The developer states that the affected product is no longer supported and recommends using the unaffected alternative product, Powered BLUE 890.
Vendor Status
Vendor | Link |
Mubit co.,ltd. | Powered BLUE 890 (Text in Japanese) |
Credit
CVE-2025-54958
Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
CVE-2025-54959
Satoshi Horikoshi of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Other Information
CVE | CVE-2025-54958, CVE-2025-54959 |
JVN iPedia | JVNDB-2025-000057 |