Published:2025/08/20 Last Updated:2025/08/22
JVNVU#94286093
FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation
Overview
Synapse Mobility provided by FUJIFILM Healthcare Americas Corporation is vulnerable to privilege escalation.
Products Affected
- Synapse Mobility versions 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1
Description
Synapse Mobility provided by FUJIFILM Healthcare Americas Corporation is vulnerable to privilege escalation.
- Privilege escalation vulnerability through external control of Web parameter (CWE-472)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.3
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 4.3
- CVE-2025-54551
Impact
By altering the parameters of the search function, a user of the product may escalate the privilege and access data that the user do not have permission to view.
Solution
Update the Software
Update the software to the following versions which are not affected by this vulnerability according to the information provided by the developer.
- Synapse Mobility version 9.0 or 8.2x
The developer has provided the patches for the following versions to address this vulnerability.
- For Synapse Mobility versions 8.0 to 8.1.1
Vendor Status
| Vendor | Link |
| FUJIFILM Healthcare Americas Corporation | Synapse Mobility Vulnerability Notification |
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Christopher Alejandro (Moroco) reported this vulnerability to CISA ICS.
JPCERT/CC, upon request from CISA ICS, coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-54551 |
| JVN iPedia |
|
Update History
- 2025/08/22
- ICS Advisory link under the section [References] was added