JVN#69684540
ScanSnap Manager installers vulnerable to privilege escalation
Overview
ScanSnap Manager installers provided by PFU Limited contain a vulnerability which allows privilege escalation.
Products Affected
- ScanSnap Manager installer versions prior to V6.5L61
Description
ScanSnap Manager installers provided by PFU Limited contain the following vulnerability.
- Incorrect privilege assignment (CWE-266)
  - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5
  - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
  - CVE-2025-57797
Impact
An authenticated local attacker may escalate privileges and execute an arbitrary command.
Solution
Stop using the product and switch to an alternative product
The developer states that the affected product is no longer supported and recommends using the unaffected alternative product, ScanSnap Home.
Refer to the information provided by the developer for details.
Credit
Kazuhira Agata, Kentaro Kan, Tomoaki Kobayashi, Takayuki Tomita, Yoshiaki Yamamuro reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Other Information
- CVE: CVE-2025-57797
- JVN iPedia: JVNDB-2025-000065