Published:2025/02/13  Last Updated:2025/02/13

JVN#80527854
Multiple vulnerabilities in FileMegane

Overview

FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities.

Products Affected

CVE-2025-20075

  • FileMegane versions above 3.0.0.0 prior to 3.4.0.0
CVE-2025-25055
  • FileMegane versions above 1.0.0.0 prior to 3.4.0.0

Description

FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below.

  • Server-Side Request Forgery (SSRF) (CWE-918)
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L Base Score 7.2
    • CVE-2025-20075
  • Authentication Bypass by Spoofing(CWE-290
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3
    • CVE-2025-25055

Impact

  • Executing arbitrary backend Web API requests could potentially lead to rebooting the services (CVE-2025-20075)
  • User impersonation could allow access to restricted file contents (CVE-2025-25055)

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the update listed below that addresses these vulnerabilities.

  • FileMegane Ver.3.4.0.0

Vendor Status

Vendor Status Last Update Vendor Notes
JIP InfoBridge Co., Ltd. Vulnerable 2025/02/13 JIP InfoBridge Co., Ltd. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2025-20075
CVE-2025-25055
JVN iPedia JVNDB-2025-000011