CVE-2025-62577 is a vulnerability identified in the ETERNUS SF AdvancedCopy Manager Standard Edition software developed by Fsas Technologies Inc., specifically targeting Solaris 10 and 11 operating systems. The root cause is incorrect default permissions configured on the management server component of the software. These permissions allow a low-privileged user who has access to the management server to obtain database credentials that should be protected. With these credentials, an attacker can execute operating system commands with administrator (root) privileges, effectively escalating their privileges from a limited user to full system control. The vulnerability affects a broad range of software versions, from 15.0 through 16.9.1, indicating a long-standing misconfiguration. The CVSS v3.0 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and low privileges required, but no user interaction needed. The vulnerability scope is changed (S:C), meaning the compromise can affect resources beyond the initially vulnerable component. No public exploits have been reported yet, but the potential for severe damage is significant given the elevated privileges gained. The vulnerability is particularly critical in environments where ETERNUS SF is used for storage management and backup operations, as compromise could lead to data theft, manipulation, or disruption of backup services.

For European organizations, this vulnerability poses a significant risk, especially those relying on Solaris-based ETERNUS SF systems for critical storage management and backup functions. Successful exploitation could lead to unauthorized access to sensitive data, disruption of backup and recovery operations, and full system compromise due to root-level command execution. This could result in data breaches, loss of data integrity, operational downtime, and potential regulatory non-compliance under GDPR due to exposure of personal or sensitive data. The impact is heightened in sectors such as finance, healthcare, government, and critical infrastructure, where data availability and integrity are paramount. Additionally, the ability to execute OS commands as an administrator could allow attackers to deploy ransomware, establish persistent backdoors, or move laterally within networks, amplifying the threat landscape for European enterprises.

Organizations should immediately audit and correct the default permissions on the ETERNUS SF management server to restrict access to authorized administrators only. Applying vendor patches or updates as soon as they become available is critical. In the absence of patches, implement strict access controls and network segmentation to limit which users and systems can access the management server. Employ robust monitoring and logging of management server activities to detect unauthorized access attempts. Use principle of least privilege for all user accounts interacting with ETERNUS SF. Consider deploying host-based intrusion detection systems (HIDS) on Solaris servers to identify suspicious command executions. Regularly rotate and securely store database credentials, and if possible, use credential vaulting solutions. Conduct security awareness training for administrators to recognize and respond to potential exploitation attempts. Finally, perform regular vulnerability assessments and penetration testing focused on storage management infrastructure.