Unintended Proxy Issue in HMI ViewJet C-more and HMI GC-A2 Series by JTEKT
CVE-2025-25061

5.8MEDIUM

Key Information:

Vendor: Jtekt Electronics Corporation
Status: Hmi Viewjet C-more Series; Hmi Gc-a2 Series
Vendor: CVE Published:; 4 April 2025

🔔 Create Jtekt Electronics Corporation Vulnerability Alert

What is CVE-2025-25061?

An unintended proxy vulnerability exists in the HMI ViewJet C-more series and HMI GC-A2 series manufactured by JTEKT. This security flaw allows a remote unauthenticated attacker to exploit the product as an intermediary, potentially carrying out FTP bounce attacks. This issue poses significant security concerns for systems utilizing these HMIs, as attackers could leverage this vulnerability to infiltrate networks without detection.

Affected Version(s)

HMI GC-A2 series All versions

HMI ViewJet C-more series All versions

References

https://www.electronics.jtekt.co.jp/en/topics/202503207271/

https://www.electronics.jtekt.co.jp/en/topics/202503207269/

https://jvn.jp/en/jp/JVN17260367/

CVSS V3.0

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Mar 18, 2025