Search criteria
2 vulnerabilities by OPEN, Inc.
CVE-2025-31932 (GCVE-0-2025-31932)
Vulnerability from cvelistv5 – Published: 2025-04-11 09:38 – Updated: 2025-04-11 14:34
VLAI
Summary
Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.
The vendor provides the workaround information and recommends to apply it to the deployment environment.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of untrusted data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OPEN, Inc. | BizRobo! |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:34:41.494488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:34:57.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BizRobo!",
"vendor": "OPEN, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of untrusted data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T09:38:50.657Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271"
},
{
"url": "https://jvn.jp/en/jp/JVN30641875/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31932",
"datePublished": "2025-04-11T09:38:50.657Z",
"dateReserved": "2025-04-02T01:34:59.088Z",
"dateUpdated": "2025-04-11T14:34:57.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31362 (GCVE-0-2025-31362)
Vulnerability from cvelistv5 – Published: 2025-04-11 09:38 – Updated: 2025-04-11 14:36
VLAI
Summary
Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.
The vendor provides the workaround information and recommends to apply it to the deployment environment.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OPEN, Inc. | BizRobo! |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:36:14.079306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:36:44.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BizRobo!",
"vendor": "OPEN, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T09:38:43.242Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271"
},
{
"url": "https://jvn.jp/en/jp/JVN30641875/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31362",
"datePublished": "2025-04-11T09:38:43.242Z",
"dateReserved": "2025-04-02T01:34:56.875Z",
"dateUpdated": "2025-04-11T14:36:44.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}