Hard-Coded Cryptographic Key Vulnerability in desknet's NEO by Desknet
CVE-2025-58426

5.3MEDIUM

Key Information:

Vendor: Neojapan Inc.
Status: Desknet's Neo
Vendor: CVE Published:; 16 October 2025

🔔 Create Neojapan Inc. Vulnerability Alert

What is CVE-2025-58426?

The vulnerability in desknet's NEO versions V4.0R1.0 to V9.0R2.0 arises from a hard-coded cryptographic key embedded in the software. This flaw enables attackers to forge malicious AppSuite applications that can compromise the integrity of the application ecosystem. Exploitation of this vulnerability poses significant risks to users relying on desknet's NEO, highlighting the importance of regular security audits and updates to ensure application integrity.

Affected Version(s)

desknet's NEO V4.0R1.0 to V9.0R2.0

References

https://www.desknets.com/neo/support/mainte/17475/

https://jvn.jp/en/jp/JVN90757550/

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Sep 1, 2025

JSON