Information from JIP InfoBridge Co., Ltd.
Vulnerability ID: JVN#80527854
Title: Multiple vulnerabilities in FileMegane
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
- Overview
FileMegane contains multiple vulnerabilities.
- Affected Systems
-- CVE-2025-20075
Product Name: FileMegane
Affected Versions: Versions above 3.0.0.0 and prior to 3.4.0.0
-- CVE-2025-25055
Product Name: FileMegane
Affected Versions: Versions above 1.0.0.0 and prior to 3.4.0.0
- Detailed Information
-- CVE-2025-20075
The search keyword suggestion feature contains a server-side request forgery (SSRF) vulnerability that makes arbitrary requests to the backend Web API possible.
-- CVE-2025-25055
In the Windows authentication process on the search screen, the login process that follows Windows authentication is completed with just a request. This allows an attacker to set arbitrary user information and impersonate a user.
- Potential Impact
-- CVE-2025-20075
Execution of arbitrary backend Web API requests could lead to actions such as restarting the service.
-- CVE-2025-25055
User impersonation could allow access to file contents that should not be accessible.
- Solution
Update FileMegane to the latest version. For information on obtaining the latest version, please contact the support desk specified at the time of product purchase.
- Acknowledgments
This vulnerability information was reported to JPCERT/CC by Asato Masamu of GMO Cybersecurity by Ierae, Inc.