JVN#55678602
Improper file access permission settings in multiple i-フィルター products

Overview

Multiple i-フィルター products provided by Digital Arts Inc. are configured with an improper file access permission settings.

Products Affected

• i-フィルター 6.0 versions prior to 6.00.55
• i-フィルター for マルチデバイス (Windows version only) versions prior to 6.00.55
• i-フィルター for ZAQ (Windows version only) versions prior to 6.00.55
• i-フィルター for ネットカフェ versions prior to 6.10.55
• i-FILTER ブラウザー＆クラウド MultiAgent for Windows versions prior to 4.93R11

Note:
For the conditions required for this vulnerability, refer to "Vendor Status" section below.
i-フィルター is only available in Japan and is a different product to Digital Arts Inc.’s i-FILTER, which has the same pronunciation. This vulnerability does not affect Digital Arts’ i-FILTER.

Description

Multiple i-フィルター products provided by Digital Arts Inc. contains the following vulnerability.

• Incorrect default permissions (CWE-276)
  • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5
  • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
  • CVE-2025-57846

Impact

A local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Uninstall the Software
Uninstall the software if it is pre-installed without a valid license, or remains installed after the license agreement has expired.

For the details, refer to the information provided by the developer.