JVN#68079883
Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'
Overview
The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. contains an improper pattern file validation vulnerability.
Products Affected
- i-FILTER Ver.10.50R01 to Ver.10.67R02
Note that the product is affected only when the optional feature 'Anti-Virus & Sandbox' is being used.
Description
The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. validates pattern files improperly.
- Improper pattern file validation (CWE-348)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3
- CVE-2025-47149
Impact
The product may treat an unauthorized pattern file as an authorized.
If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following version to address this vulnerability.
- i-FILTER Ver.10.67R03 or later
Vendor Status
| Vendor | Link |
| Digital Arts Inc. | "i-FILTER" Ver.10.67R03 (Text in Japanese, login required) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-47149 |
| JVN iPedia |
JVNDB-2025-000033 |