External Page Display Vulnerability in GroupSession Products
CVE-2025-64781

5.1MEDIUM

Key Information:

Vendor: Japan Total System Co.,ltd.
Status: Groupsession Free Edition; Groupsession Bycloud; Groupsession Zion
Vendor: CVE Published:; 12 December 2025

🔔 Create Japan Total System Co.,ltd. Vulnerability Alert

What is CVE-2025-64781?

In GroupSession prior to version 5.7.1, a critical configuration setting allows users to be redirected to arbitrary websites via specially crafted URLs. The initial setting for 'External page display restriction' is configured to 'Do not limit,' which presents a security risk. Users may unknowingly visit malicious sites, highlighting the need for prompt updates and better security practices.

Affected Version(s)

GroupSession byCloud prior to ver5.7.1

GroupSession Free edition prior to ver5.7.1

GroupSession ZION prior to ver5.7.1

References

https://groupsession.jp/info/info-news/security20251208

https://jvn.jp/en/jp/JVN19940619/

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2025
Vulnerability Reserved
Nov 27, 2025

JSON