CVE-2025-65002

7.5 HIGH

📋 TL;DR

This vulnerability in Fujitsu iRMC S6 on M5 servers allows authentication bypass when usernames are exactly 16 characters long. Attackers can potentially gain unauthorized access to the Redfish/WebUI management interface. This affects organizations using vulnerable versions of Fujitsu server management controllers.

💻 Affected Systems

Products:
  • Fujitsu iRMC S6 on M5 servers
Versions: All versions before 1.37S
Operating Systems: Not OS-dependent - affects iRMC firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with usernames exactly 16 characters long. The vulnerability is in the authentication mechanism of the Redfish/WebUI interface.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the server management interface, leading to unauthorized configuration changes, firmware manipulation, or denial of service to the management system.

🟠 Likely Case

Unauthorized access to the management interface, allowing configuration changes, access to monitoring data, or privilege escalation within the management system.

🟢 If Mitigated

Limited impact, given network segmentation, strong authentication controls, and monitoring of management interface access.

🌐 Internet-Facing: HIGH if the management interface is exposed to the internet, since an authentication bypass could allow remote compromise.
🏢 Internal Only: MEDIUM, since internal attackers could exploit this to gain unauthorized management access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires knowledge of the vulnerability and the ability to create or use a 16-character username. No authentication bypass for existing accounts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.37S

Vendor Advisory: https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2025-082610-Security-Notice.pdf

Restart Required: Yes

Instructions:

1. Download firmware version 1.37S from the Fujitsu support portal.
2. Upload the firmware to the iRMC via the web interface or remote management.
3. Apply the firmware update.
4. Reboot the server to complete the installation.

🔧 Temporary Workarounds

Username length restriction (applies to: all)

Ensure no usernames in the system are exactly 16 characters long.

Network segmentation (applies to: all)

Restrict access to the iRMC management interface to trusted networks only.

🧯 If You Can't Patch

  • Implement strict network access controls to limit iRMC interface access
  • Monitor authentication logs for unusual access patterns or failed login attempts

🔍 How to Verify

Check if Vulnerable:

Check the iRMC firmware version via the web interface or SSH: any version lower than 1.37S is vulnerable.

Check Version:

`ssh admin@irmc-ip 'show version'`, or check via the web interface under System Information.

Verify Fix Applied:

Verify that the firmware version shown in the iRMC web interface or via SSH is 1.37S or later.

📡 Detection & Monitoring

Log Indicators:

  • Authentication attempts with 16-character usernames
  • Unusual access patterns to Redfish/WebUI interface
  • Failed login attempts followed by successful access

Network Indicators:

  • Unusual traffic to iRMC management ports (typically 443, 22)
  • Access from unexpected source IPs to management interface

SIEM Query:

source="irmc" AND ((event_type="authentication" AND username_length=16) OR (event_type="access" AND user_agent="*Redfish*" AND src_ip NOT IN allowed_ips))

Note: the outer parentheses are required; without them AND binds tighter than OR and the source="irmc" filter applies only to the first clause.
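As an added example (not from the advisory or from Fujitsu), the two checks above in Python: flag authentication events whose username is exactly 16 characters, and compare a reported firmware version against the fixed version 1.37S. The log line layout, field names and the version-string format are assumptions, and the sample log lines are constructed.

```python
import re
from typing import List, NamedTuple

# Constructed sample iRMC auth/access lines (format is an assumption, not real iRMC output).
SAMPLE_LOG = """\
2025-11-20T10:01:02Z irmc auth user=operator result=success src=10.0.5.20
2025-11-20T10:01:09Z irmc auth user=abcdefghijklmnop result=success src=198.51.100.7
2025-11-20T10:01:15Z irmc auth user=svc_monitoring01 result=failure src=10.0.5.21
2025-11-20T10:02:00Z irmc access user=abcdefghijklmnop path=/redfish/v1/Systems src=198.51.100.7
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) irmc auth user=(?P<user>\S+) result=(?P<result>\S+) src=(?P<src>\S+)$"
)
TRIGGER_LEN = 16          # username length that triggers CVE-2025-65002
FIXED_VERSION = "1.37S"   # first fixed iRMC S6 firmware per the advisory


class Finding(NamedTuple):
    ts: str
    user: str
    result: str
    src: str


def suspicious_auth_events(log_text: str) -> List[Finding]:
    """Return every authentication event whose username is exactly 16 chars.
    Both successful and failed attempts are reported: a failure followed by
    success from the same source is one of the log indicators listed above."""
    findings = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m and len(m["user"]) == TRIGGER_LEN:
            findings.append(Finding(m["ts"], m["user"], m["result"], m["src"]))
    return findings


VERSION_RE = re.compile(r"^(\d+)\.(\d+)([A-Za-z]?)$")


def is_vulnerable_version(version: str) -> bool:
    """True if the firmware version is numerically lower than 1.37S.
    Assumes iRMC versions look like 'major.minor' plus an optional letter
    suffix; the suffix is ignored for ordering (assumption)."""
    def key(v: str):
        m = VERSION_RE.match(v.strip())
        if not m:
            raise ValueError(f"unrecognised iRMC version string: {v!r}")
        return (int(m[1]), int(m[2]))
    return key(version) < key(FIXED_VERSION)
```

`svc_monitoring01` in the sample is a legitimate-looking 16-character service account, which is why the workaround section asks for such usernames to be renamed rather than just monitored.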
