Cross-Site Request Forgery Vulnerability in Web Caster by NTT
CVE-2025-58272

2LOW

Key Information:

Vendor: Ntt East, Inc.
Status: Web Caster V130
Vendor: CVE Published:; 3 September 2025

🔔 Create Ntt East, Inc. Vulnerability Alert

What is CVE-2025-58272?

A cross-site request forgery vulnerability exists in the Web Caster V130 product, specifically in versions 1.08 and earlier. This flaw manifests when a logged-in user inadvertently accesses a malicious webpage crafted by an attacker. As a result, the attacker's crafted page has the potential to manipulate the settings of the Web Caster, leading to unintended changes and possible compromise of user data.

Affected Version(s)

Web Caster V130 1.08 and earlier

References

https://www.ntt-east.co.jp/info/detail/220903_01.html

https://www.ntt-west.co.jp/info/support/oshirase20250903....

https://jvn.jp/en/jp/JVN65839588/

CVSS V4

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Aug 27, 2025