Improper Communication Channel Restriction in UpdateNavi by Fujitsu
CVE-2025-35978

6.9MEDIUM

Key Information:

Vendor: Fujitsu Client Computing Limited
Status: Updatenavi; Updatenaviinstallservice
Vendor: CVE Published:; 12 June 2025

🔔 Create Fujitsu Client Computing Limited Vulnerability Alert

What is CVE-2025-35978?

A security vulnerability exists in Fujitsu's UpdateNavi, specifically in versions V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. This issue allows a local authenticated attacker to exploit the system by sending malicious data, which could lead to unauthorized modifications of the registry or execution of arbitrary code. It highlights the importance of correctly managing communication channels to prevent such vulnerabilities.

Affected Version(s)

UpdateNavi V1.4 L10 to L33

UpdateNaviInstallService Service 1.2.0091 to 1.2.0125

References

https://azby.fmworld.net/support/security/information/upd...

https://jvn.jp/en/jp/JVN17860456/

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Jun 10, 2025