Published: 2025/02/13  Last Updated: 2025/02/13

Information from JIP InfoBridge Co., Ltd.

Vulnerability ID: JVN#80527854
Title: Multiple vulnerabilities in FileMegane
Status: Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

- Overview
FileMegane contains multiple vulnerabilities.

- Affected Systems
-- CVE-2025-20075
Product Name: FileMegane
Affected Versions: Versions above 3.0.0.0 prior to 3.4.0.0

-- CVE-2025-25055
Product Name: FileMegane
Affected Versions: Versions above 1.0.0.0 prior to 3.4.0.0

- Detailed Information
-- CVE-2025-20075
The search keyword suggestion feature contains a server-side request forgery (SSRF) vulnerability, which makes arbitrary requests to the backend Web API possible.

-- CVE-2025-25055
Because of how Windows authentication is processed on the search screen, the login process after Windows authentication is completed with just a request, allowing an attacker to set arbitrary user information and impersonate a user.

- Potential Impact
-- CVE-2025-20075
Executing arbitrary backend Web API requests could potentially lead to actions such as restarting the service.

-- CVE-2025-25055
User impersonation could allow access to file contents that should not be accessible.

- Solution
Update FileMegane to the latest version. For information on obtaining the latest version, please contact the support desk specified at the time of product purchase.

- Acknowledgments
This vulnerability information was reported to JPCERT/CC by Asato Masamu of GMO Cybersecurity by Ierae, Inc.