CVE-2025-25280

Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU96398949/
https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de desbordamiento de búfer en las series FutureNet AS (enrutadores industriales) y FA (máquinas de conversión de protocolo) proporcionadas por Century Systems Co., Ltd. Si se explota esta vulnerabilidad, un atacante remoto no autenticado puede reiniciar el dispositivo enviando una solicitud especialmente manipulada.

03 Mar 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-03 09:15

Updated : 2026-06-17 09:00

NVD link : CVE-2025-25280

Mitre link : CVE-2025-25280

CVE.ORG link : CVE-2025-25280

JSON object : View

Products Affected

No product.

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2025-25280", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-25280", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-03T14:52:46.483841Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "affected": [{"source": "vultures@jpcert.or.jp", "affectedData": [{"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-250/S", "versions": [{"status": "affected", "version": "firmware Version 1.14.0 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-250/F-SC", "versions": [{"status": "affected", "version": "firmware Version 1.14.0 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-250/F-KO", "versions": [{"status": "affected", "version": "firmware Version 1.14.0 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-250/NL", "versions": [{"status": "affected", "version": "firmware Version 1.14.0 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-250/KL", "versions": [{"status": "affected", "version": "firmware Version 1.14.0 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-250/KL Rev2", "versions": [{"status": "affected", "version": "firmware Version 2.6.6 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-250/L", "versions": [{"status": "affected", "version": "firmware Version 2.6.6 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-M250/L", "versions": [{"status": "affected", "version": "firmware Version 3.0.0 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-M250/KL", "versions": [{"status": "affected", "version": "firmware Version 3.0.0 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-M250/NL", "versions": [{"status": "affected", "version": "firmware Version 3.0.0 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-P250/NL", "versions": [{"status": "affected", "version": "firmware Version 2.6.6 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-P250/KL", "versions": [{"status": "affected", "version": "firmware Version 2.6.6 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet AS-210/U4", "versions": [{"status": "affected", "version": "firmware Version 2.6.6 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet FA-210", "versions": [{"status": "affected", "version": "firmware Version 1.1.9 and earlier"}]}, {"vendor": "Century Systems Co., Ltd.", "product": "FutureNet FA-215", "versions": [{"status": "affected", "version": "firmware Version 1.0.1 and earlier"}]}]}], "published": "2025-03-03T09:15:39.990", "references": [{"url": "https://jvn.jp/en/vu/JVNVU96398949/", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en las series FutureNet AS (enrutadores industriales) y FA (m\u00e1quinas de conversi\u00f3n de protocolo) proporcionadas por Century Systems Co., Ltd. Si se explota esta vulnerabilidad, un atacante remoto no autenticado puede reiniciar el dispositivo enviando una solicitud especialmente manipulada."}], "lastModified": "2026-06-17T09:00:36.427", "sourceIdentifier": "vultures@jpcert.or.jp"}