CVE-2025-62577

HIGH

ETERNUS SF AdvancedCopy Manager Standard Edition and Storage Cruiser - Incorrect Default Permissions

Title source: llm
STIX 2.1

Description

ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0015
EPSS Percentile 5.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-276
Status published
Products (8)
Fsas Technologies Inc./ETERNUS SF AdvancedCopy Manager Standard Edition (for RHEL 7/ 8/ 9) 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
Fsas Technologies Inc./ETERNUS SF AdvancedCopy Manager Standard Edition (for Solaris 10/ 11) 15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
Fsas Technologies Inc./ETERNUS SF AdvancedCopy Manager Standard Edition (for Windows Server 2016/ 2019/ 2022) 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
Fsas Technologies Inc./ETERNUS SF Express (for Windows Server 2016/ 2019/ 2022) 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
Fsas Technologies Inc./ETERNUS SF Expressn (for RHEL 7/ 8/ 9) 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
Fsas Technologies Inc./ETERNUS SF Storage Cruiser (for Solaris 10/ 11) 15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
Fsas Technologies Inc./ETERNUS SF Storage Cruiser (for Windows Server 2016/ 2019/ 2022) 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
Fsas Technologies Inc./ETERNUS SF Storage Cruisern (for RHEL 7/ 8/ 9) 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
Published Oct 20, 2025
Tracked Since Feb 18, 2026