CVE-2025-25280 (GCVE-0-2025-25280)
Vulnerability from cvelistv5 – Published: 2025-03-03 08:25 – Updated: 2025-03-03 14:53
VLAI
EPSS
VEX
Summary
Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer overflow
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Century Systems Co., Ltd. | FutureNet AS-250/S |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-SC |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/F-KO |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/NL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL |
Affected:
firmware Version 1.14.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/KL Rev2 |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-250/L |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/L |
Affected:
firmware Version 3.0.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/KL |
Affected:
firmware Version 3.0.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-M250/NL |
Affected:
firmware Version 3.0.0 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/NL |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-P250/KL |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet AS-210/U4 |
Affected:
firmware Version 2.6.6 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet FA-210 |
Affected:
firmware Version 1.1.9 and earlier
|
|
| Century Systems Co., Ltd. | FutureNet FA-215 |
Affected:
firmware Version 1.0.1 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T14:52:46.483841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T14:53:08.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FutureNet AS-250/S",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-SC",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/F-KO",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.14.0 and earlier"
}
]
},
{
"product": "FutureNet AS-250/KL Rev2",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/L",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 3.0.0 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 3.0.0 and earlier"
}
]
},
{
"product": "FutureNet AS-M250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 3.0.0 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/NL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-P250/KL",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet AS-210/U4",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 2.6.6 and earlier"
}
]
},
{
"product": "FutureNet FA-210",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.1.9 and earlier"
}
]
},
{
"product": "FutureNet FA-215",
"vendor": "Century Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware Version 1.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T08:25:16.938Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96398949/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25280",
"datePublished": "2025-03-03T08:25:16.938Z",
"dateReserved": "2025-02-17T04:46:45.646Z",
"dateUpdated": "2025-03-03T14:53:08.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-25280",
"date": "2026-07-11",
"epss": "0.00474",
"percentile": "0.37769"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-25280\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2025-03-03T09:15:39.990\",\"lastModified\":\"2026-06-17T09:00:36.427\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de desbordamiento de b\u00fafer en las series FutureNet AS (enrutadores industriales) y FA (m\u00e1quinas de conversi\u00f3n de protocolo) proporcionadas por Century Systems Co., Ltd. Si se explota esta vulnerabilidad, un atacante remoto no autenticado puede reiniciar el dispositivo enviando una solicitud especialmente manipulada.\"}],\"affected\":[{\"source\":\"vultures@jpcert.or.jp\",\"affectedData\":[{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-250/S\",\"versions\":[{\"version\":\"firmware Version 1.14.0 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-250/F-SC\",\"versions\":[{\"version\":\"firmware Version 1.14.0 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-250/F-KO\",\"versions\":[{\"version\":\"firmware Version 1.14.0 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-250/NL\",\"versions\":[{\"version\":\"firmware Version 1.14.0 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-250/KL\",\"versions\":[{\"version\":\"firmware Version 1.14.0 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-250/KL Rev2\",\"versions\":[{\"version\":\"firmware Version 2.6.6 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-250/L\",\"versions\":[{\"version\":\"firmware Version 2.6.6 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-M250/L\",\"versions\":[{\"version\":\"firmware Version 3.0.0 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-M250/KL\",\"versions\":[{\"version\":\"firmware Version 3.0.0 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-M250/NL\",\"versions\":[{\"version\":\"firmware Version 3.0.0 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-P250/NL\",\"versions\":[{\"version\":\"firmware Version 2.6.6 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-P250/KL\",\"versions\":[{\"version\":\"firmware Version 2.6.6 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet AS-210/U4\",\"versions\":[{\"version\":\"firmware Version 2.6.6 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet FA-210\",\"versions\":[{\"version\":\"firmware Version 1.1.9 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Century Systems Co., Ltd.\",\"product\":\"FutureNet FA-215\",\"versions\":[{\"version\":\"firmware Version 1.0.1 and earlier\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-03-03T14:52:46.483841Z\",\"id\":\"CVE-2025-25280\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU96398949/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html\",\"source\":\"vultures@jpcert.or.jp\"}]}}",
"redhat_vex": {
"current_release_date": "2025-05-28T17:28:04+00:00",
"cve": "CVE-2025-25280",
"id": "CVE-2025-25280",
"initial_release_date": "2025-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "CVE-2025-25280",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25280.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-250/S\", \"versions\": [{\"version\": \"firmware Version 1.14.0 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-250/F-SC\", \"versions\": [{\"version\": \"firmware Version 1.14.0 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-250/F-KO\", \"versions\": [{\"version\": \"firmware Version 1.14.0 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-250/NL\", \"versions\": [{\"version\": \"firmware Version 1.14.0 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-250/KL\", \"versions\": [{\"version\": \"firmware Version 1.14.0 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-250/KL Rev2\", \"versions\": [{\"version\": \"firmware Version 2.6.6 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-250/L\", \"versions\": [{\"version\": \"firmware Version 2.6.6 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-M250/L\", \"versions\": [{\"version\": \"firmware Version 3.0.0 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-M250/KL\", \"versions\": [{\"version\": \"firmware Version 3.0.0 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-M250/NL\", \"versions\": [{\"version\": \"firmware Version 3.0.0 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-P250/NL\", \"versions\": [{\"version\": \"firmware Version 2.6.6 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-P250/KL\", \"versions\": [{\"version\": \"firmware Version 2.6.6 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet AS-210/U4\", \"versions\": [{\"version\": \"firmware Version 2.6.6 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet FA-210\", \"versions\": [{\"version\": \"firmware Version 1.1.9 and earlier\", \"status\": \"affected\"}]}, {\"vendor\": \"Century Systems Co., Ltd.\", \"product\": \"FutureNet FA-215\", \"versions\": [{\"version\": \"firmware Version 1.0.1 and earlier\", \"status\": \"affected\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Buffer overflow\", \"lang\": \"en-US\", \"cweId\": \"CWE-120\", \"type\": \"CWE\"}]}], \"references\": [{\"url\": \"https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU96398949/\"}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}], \"cvssV3_1\": {\"version\": \"3.1\", \"baseSeverity\": \"MEDIUM\", \"baseScore\": 5.3, \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\"}}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2025-03-03T08:25:16.938Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-25280\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-03T14:52:46.483841Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-03T14:52:59.678Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-25280\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"jpcert\", \"dateReserved\": \"2025-02-17T04:46:45.646Z\", \"datePublished\": \"2025-03-03T08:25:16.938Z\", \"dateUpdated\": \"2025-03-03T14:53:08.462Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…