CVE-2025-61941_CVE-2025-61941

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration.

Basic Information

ID CVE-2025-61941

Source jpcert

Published Oct 15, 2025 at 07:24

Affected Product

Vendor BUFFALO INC.

Product WXR9300BE6P series

Version firmware versions prior to Ver.1.10

Affected Versions BUFFALO INC. WXR9300BE6P series firmware versions prior to Ver.1.10

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration.",
    "published": "2025-10-15T07:24:09.131Z",
    "modified": "2025-10-15T07:24:09.131Z",
    "type": "cve",
    "title": "CVE-2025-61941",
    "source": "jpcert",
    "references": "https://www.buffalo.jp/news/detail/20251014-01.html\nhttps://jvn.jp/en/vu/JVNVU96471278/",
    "id": "CVE-2025-61941",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "BUFFALO INC. WXR9300BE6P series firmware versions prior to Ver.1.10",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WXR9300BE6P series",
    "version": "firmware versions prior to Ver.1.10",
    "vendor": "BUFFALO INC.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}