CVE-2025-35978: Improper restriction of communication channel to intended endpoints in Fujitsu Client Computing Limited UpdateNavi

Severity: High
Published: Thu Jun 12 2025 (06/12/2025, 06:05:00 UTC)
Source: CVE Database V5
Vendor/Project: Fujitsu Client Computing Limited
Product: UpdateNavi

Description

An improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker sends malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.

AI-Powered Analysis

Last updated: 06/12/2025, 06:38:33 UTC

Technical Analysis

CVE-2025-35978 is a high-severity vulnerability affecting Fujitsu Client Computing Limited's UpdateNavi software, specifically versions V1.4 L10 through L33 and the UpdateNaviInstallService Service versions 1.2.0091 to 1.2.0125. The vulnerability arises from improper restriction of communication channels to intended endpoints within the UpdateNavi update mechanism. This flaw allows a local authenticated attacker to send crafted malicious data through these communication channels, which can lead to unauthorized modification of arbitrary registry values or execution of arbitrary code on the affected system. The vulnerability does not require user interaction but does require local authentication, meaning the attacker must have some level of access to the system.

The CVSS v3.0 score is 7.1, reflecting a high severity due to the potential for integrity and availability impacts without compromising confidentiality. The exploitation vector is local (AV:L), with low attack complexity (AC:L), and privileges required are low (PR:L). The scope remains unchanged (S:U), indicating the vulnerability affects only the vulnerable component and does not extend to other system components. The lack of known exploits in the wild suggests this vulnerability has not yet been actively exploited, but the potential impact remains significant given the ability to execute arbitrary code and modify critical registry settings.

The vulnerability is particularly concerning because registry modifications can persist across reboots and may be leveraged to establish persistence or disable security controls, while arbitrary code execution can lead to full system compromise within the privileges of the UpdateNavi service or user context. UpdateNavi is a utility used primarily on Fujitsu client computing devices to manage system updates, making this vulnerability relevant to organizations using Fujitsu hardware and software management tools.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for enterprises and government agencies relying on Fujitsu client devices and their UpdateNavi software for system updates and maintenance. Successful exploitation could allow an attacker with local access—such as an insider threat, a compromised user account, or malware that has gained limited access—to escalate privileges or maintain persistence by altering registry settings or executing arbitrary code. This could lead to disruption of business operations, compromise of system integrity, and potential lateral movement within corporate networks. Given that UpdateNavi is a system update utility, tampering with its communication channels could also undermine the integrity of software updates, potentially allowing malicious updates or blocking legitimate patches, thereby increasing exposure to other vulnerabilities. The absence of user interaction lowers the barrier for exploitation once local access is obtained, increasing risk in environments where endpoint security controls are weak or where multiple users share devices. Additionally, critical infrastructure sectors and public administration entities using Fujitsu hardware may face heightened risks due to the strategic importance of their systems and the potential for targeted attacks leveraging this vulnerability.

Mitigation Recommendations

1. Immediate application of any available patches or updates from Fujitsu addressing this vulnerability is paramount. Since no patch links are currently provided, organizations should monitor Fujitsu's official security advisories and update channels closely.
2. Restrict local access to systems running vulnerable versions of UpdateNavi by enforcing strict access controls, including limiting administrative privileges and implementing robust endpoint security solutions that can detect and prevent unauthorized local activities.
3. Employ application whitelisting and behavior monitoring to detect anomalous registry modifications or unexpected code execution related to UpdateNavi processes.
4. Conduct regular audits of registry settings and system update logs to identify unauthorized changes potentially linked to exploitation attempts.
5. Consider isolating or segmenting Fujitsu client devices within the network to limit potential lateral movement if compromise occurs.
6. Educate users about the risks of local credential compromise and enforce strong authentication mechanisms to reduce the likelihood of attackers gaining local access.
7. Implement endpoint detection and response (EDR) tools capable of monitoring inter-process communications and detecting exploitation attempts targeting update utilities.
8. In environments where immediate patching is not feasible, temporarily disabling or restricting the UpdateNavi service may be considered, balancing operational impact against security risk.
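To prioritise the patching and access-restriction steps above, a software inventory can be triaged against the affected ranges given in the description. The following is an added example, not code from Fujitsu or from this database; the host names and inventory rows are constructed, and it assumes the inventory reports versions in the same notation the advisory uses.

```python
import re

# Affected ranges exactly as stated in the CVE description on this page.
AFFECTED = {
    "UpdateNavi": ((1, 4, 10), (1, 4, 33)),                 # V1.4 L10 .. V1.4 L33
    "UpdateNaviInstallService": ((1, 2, 91), (1, 2, 125)),  # 1.2.0091 .. 1.2.0125
}
# Assumption: inventory strings follow the advisory's own notation.
PATTERNS = {
    "UpdateNavi": re.compile(r"^V(\d+)\.(\d+)\s*L(\d+)$", re.IGNORECASE),
    "UpdateNaviInstallService": re.compile(r"^(\d+)\.(\d+)\.(\d+)$"),
}
RANK = {"outside range": 0, "unknown": 1, "affected": 2}

def classify(product, version_text):
    """Return 'affected', 'outside range', or 'unknown' for one inventory row."""
    if product not in AFFECTED:
        return "unknown"
    match = PATTERNS[product].match(version_text.strip())
    if match is None:
        # Unparseable versions are never silently treated as safe.
        return "unknown"
    version = tuple(int(part) for part in match.groups())  # drops zero padding
    low, high = AFFECTED[product]
    return "affected" if low <= version <= high else "outside range"

def triage(rows):
    """Map each host to the worst status found across its rows."""
    result = {}
    for host, product, version_text in rows:
        status = classify(product, version_text)
        if host not in result or RANK[status] > RANK[result[host]]:
            result[host] = status
    return result

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("pc-001", "UpdateNavi", "V1.4 L20"),
    ("pc-001", "UpdateNaviInstallService", "1.2.0100"),
    ("pc-002", "UpdateNavi", "V1.4L34"),
    ("pc-002", "UpdateNaviInstallService", "1.2.0126"),
    ("pc-003", "UpdateNavi", "V1.4 L09"),
    ("pc-003", "UpdateNaviInstallService", "1.2.0125"),
    ("pc-004", "UpdateNavi", "1.4.33.0"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual version check, and "outside range" only means the version is not in the ranges this page lists.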


Technical Details

Data Version: 5.1
Assigner Short Name: jpcert
Date Reserved: 2025-06-10T01:46:07.308Z
Cvss Version: 3.0
State: PUBLISHED

Threat ID: 684a7262358c65714e6a2530

Added to database: 6/12/2025, 6:23:30 AM

Last enriched: 6/12/2025, 6:38:33 AM

Last updated: 6/13/2025, 6:58:41 AM
