Search criteria
2 vulnerabilities by OPEN, Inc.
CVE-2025-31932 (GCVE-0-2025-31932)
Vulnerability from cvelistv5 – Published: 2025-04-11 09:38 – Updated: 2025-04-11 14:34
VLAI?
Summary
Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.
The vendor provides the workaround information and recommends to apply it to the deployment environment.
Severity ?
8.8 (High)
CWE
- CWE-502 - Deserialization of untrusted data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OPEN, Inc. | BizRobo! |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:34:41.494488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:34:57.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BizRobo!",
"vendor": "OPEN, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of untrusted data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T09:38:50.657Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271"
},
{
"url": "https://jvn.jp/en/jp/JVN30641875/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31932",
"datePublished": "2025-04-11T09:38:50.657Z",
"dateReserved": "2025-04-02T01:34:59.088Z",
"dateUpdated": "2025-04-11T14:34:57.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31362 (GCVE-0-2025-31362)
Vulnerability from cvelistv5 – Published: 2025-04-11 09:38 – Updated: 2025-04-11 14:36
VLAI?
Summary
Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.
The vendor provides the workaround information and recommends to apply it to the deployment environment.
Severity ?
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OPEN, Inc. | BizRobo! |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:36:14.079306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:36:44.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BizRobo!",
"vendor": "OPEN, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T09:38:43.242Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271"
},
{
"url": "https://jvn.jp/en/jp/JVN30641875/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31362",
"datePublished": "2025-04-11T09:38:43.242Z",
"dateReserved": "2025-04-02T01:34:56.875Z",
"dateUpdated": "2025-04-11T14:36:44.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}