CVE-2025-30485: UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product...
Description
UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.
Classification
CVE ID: CVE-2025-30485
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.2
CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Problem Types
UNIX symbolic link (Symlink) followingAffected Products
Vendor: Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd., Century Systems Co., Ltd.
Product: FutureNet NXR-1420, FutureNet NXR-1300 series, FutureNet NXR-650, FutureNet NXR-610X series, FutureNet NXR-530, FutureNet NXR-350/C, FutureNet NXR-230/C, FutureNet NXR-160/LW, FutureNet NXR-G540 series, FutureNet NXR-G260 series, FutureNet NXR-G240 series, FutureNet NXR-G180/L-CA, FutureNet NXR-G120 series, FutureNet NXR-G110 series, FutureNet NXR-G100 series, FutureNet NXR-G060 series, FutureNet NXR-G050 series, FutureNet VXR-x64, FutureNet VXR-x86, FutureNet NXR-1200, FutureNet NXR-130/C, FutureNet NXR-155/C-L, FutureNet NXR-155/C-XW, FutureNet NXR-155/C-WM, FutureNet NXR-125/CX, FutureNet NXR-120/C, FutureNet NXR-G100/SLW, FutureNet NXR-G100/SL, FutureNet NXR-G100/S, FutureNet NXR-G100/N, FutureNet NXR-G100/F, FutureNet WXR-250
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 3.13% (scored less or equal to compared to others)
EPSS Date: 2025-04-08 (when was this score calculated)