UNIX symbolic link following in FutureNet NXR series and VXR series routers

Published: 2025-03-28

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2025-30485
CWE-ID	CWE-61
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	FutureNet NXR-1420 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-1300 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-650 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-610X Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-530 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-350/C Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-230/C Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-160/LW Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-G540 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-G260 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-G240 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-G180/L-CA Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-G120 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-G110 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-G100 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-G060 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet NXR-G050 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet VXR-x64 Hardware solutions / Routers & switches, VoIP, GSM, etc FutureNet VXR-x86 Hardware solutions / Routers & switches, VoIP, GSM, etc
Vendor	Century Systems

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) UNIX symbolic link following

EUVDB-ID: #VU106237

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30485

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. An administrator with physical access can create a specially crafted symbolic link to a critical file on the system and obtain or destroy internal files.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FutureNet NXR-1420: 31.0.1

FutureNet NXR-1300: 7.4.12

FutureNet NXR-650: 21.16.5

FutureNet NXR-610X: 21.14.11D

FutureNet NXR-530: 21.11.15

FutureNet NXR-350/C: 5.30.9C

FutureNet NXR-230/C: 5.30.13

FutureNet NXR-160/LW: 21.8.4

FutureNet NXR-G540: 21.17.0

FutureNet NXR-G260: 9.12.17

FutureNet NXR-G240: 9.12.17

FutureNet NXR-G180/L-CA: 21.7.33

FutureNet NXR-G120: 21.15.2C1

FutureNet NXR-G110: 21.15.10

FutureNet NXR-G100: 6.23.11

FutureNet NXR-G060: 21.15.6C2

FutureNet NXR-G050: 21.12.11

FutureNet VXR-x64: 21.7.33

FutureNet VXR-x86: 10.1.5

CPE2.3

External links

https://jvn.jp/en/vu/JVNVU92821536/index.html
https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.