Main Vulnerability Database SB2025032819

SB2025032819 - UNIX symbolic link following in FutureNet NXR series and VXR series routers

Published: March 28, 2025

Security Bulletin ID SB2025032819

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) UNIX symbolic link following (CVE-ID: CVE-2025-30485)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. An administrator with physical access can create a specially crafted symbolic link to a critical file on the system and obtain or destroy internal files.

Remediation

Install update from vendor's website.

References

Vulnerable Software

FutureNet NXR-1420: 31.0.1
FutureNet NXR-1300: 7.4.12 and previous versions
FutureNet NXR-650: 21.16.5 and previous versions
FutureNet NXR-610X: 21.14.11D and previous versions
FutureNet NXR-530: 21.11.15 and previous versions
FutureNet NXR-350/C: 5.30.9C and previous versions
FutureNet NXR-230/C: 5.30.13 and previous versions
FutureNet NXR-160/LW: 21.8.4 and previous versions
FutureNet NXR-G540: 21.17.0 and previous versions
FutureNet NXR-G260: 9.12.17 and previous versions
FutureNet NXR-G240: 9.12.17 and previous versions
FutureNet NXR-G180/L-CA: 21.7.33 and previous versions
FutureNet NXR-G120: 21.15.2C1 and previous versions
FutureNet NXR-G110: 21.15.10 and previous versions
FutureNet NXR-G100: 6.23.11 and previous versions
FutureNet NXR-G060: 21.15.6C2 and previous versions
FutureNet NXR-G050: 21.12.11 and previous versions
FutureNet VXR-x64: 21.7.33 and previous versions
FutureNet VXR-x86: 10.1.5 and previous versions

SB2025032819 - UNIX symbolic link following in FutureNet NXR series and VXR series routers

Breakdown by Severity

Description

Remediation

References

Please verify you're human