JVNDB-2025-008145
Vulnerability from jvndb - Published: 2025-07-08 14:08 - Updated:2025-07-08 14:08
Severity ?
Summary
Epson Web Installer for Mac vulnerable to missing authentication for critical function
Details
Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.
Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains "helper tool" and launches it in the middle of the execution.
"helper tool" contains the following vulnerability.
- Missing authentication for critical function (CWE-306) - CVE-2025-4960
- This is exploitable only while "helper tool" is running.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
"dc:date": "2025-07-08T14:08+09:00",
"dcterms:issued": "2025-07-08T14:08+09:00",
"dcterms:modified": "2025-07-08T14:08+09:00",
"description": "Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability.\r\nEpson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON\u0027s products. It contains \"helper tool\" and launches it in the middle of the execution.\r\n\r\n\"helper tool\" contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2025-4960\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eThis is exploitable only while \"helper tool\" is running.\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\nCarlos Garrido of Pentraze Cybersecurity reported this vulnerability to SEIKO EPSON CORPORATION and coordinated. After the coordination was completed, SEIKO EPSON CORPORATION reported the case to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-008145.html",
"sec:cpe": {
"#text": "cpe:/a:epson:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "SEIKO EPSON CORPORATION",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-008145",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93543156/index.html",
"@id": "JVNVU#93543156",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-4960",
"@id": "CVE-2025-4960",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
}
],
"title": "Epson Web Installer for Mac vulnerable to missing authentication for critical function"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…