CVE-2025-26698

LOW

RevoWorks SCVX/RevoWorks Browser - Info Disclosure

Title source: llm

Description

Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.

References (2)

[Various Sources] https://jscom.jp/news-20250217/

[Third Party Advisory] https://jvn.jp/en/jp/JVN91300609/

Scores

CVSS v3 2.7

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-669

Status published

Products (4)

J’s Communication Co., Ltd./RevoWorks Browser 2.2.100 and earlier 2 series versions

J’s Communication Co., Ltd./RevoWorks Browser 3.0.1 and earlier 3 series versions

J’s Communication Co., Ltd./RevoWorks SCVX 4.0.234 and earlier 4 series versions

J’s Communication Co., Ltd./RevoWorks SCVX 5.0.7 and earlier 5 series versions

Published Feb 26, 2025

Tracked Since Feb 18, 2026