CVE-2025-65002 is a vulnerability classified under CWE-863 (Incorrect Authorization) affecting Fujitsu / Fsas Technologies iRMC S6 on M5 firmware versions prior to 1.37S. The issue arises from improper handling of Redfish and WebUI access controls when the username length is exactly 16 characters. This boundary condition leads to a bypass of authorization checks, allowing an attacker with network access and low privileges to escalate their access rights without requiring user interaction. The vulnerability impacts the iRMC (Integrated Remote Management Controller), a critical component used for out-of-band management of Fujitsu servers, enabling remote monitoring and control. Successful exploitation could allow attackers to gain unauthorized administrative access, leading to full compromise of server management functions, including configuration changes, firmware updates, and potentially control over hosted workloads. The CVSS v3.1 base score is 7.5, indicating high severity with network attack vector, high impact on confidentiality, integrity, and availability, and requiring low privileges but no user interaction. No public exploits have been reported yet, but the vulnerability’s nature and affected component make it a significant risk for organizations relying on Fujitsu iRMC for server management. The lack of an available patch at the time of disclosure necessitates immediate mitigation through network-level controls and monitoring.

For European organizations, this vulnerability poses a substantial risk, especially those operating data centers, cloud services, or critical infrastructure using Fujitsu servers with iRMC S6 on M5. Unauthorized access to iRMC can lead to full administrative control over server hardware, enabling attackers to disrupt operations, steal sensitive data, or implant persistent malware. The high impact on confidentiality, integrity, and availability could result in data breaches, service outages, and loss of trust. Given the widespread use of Fujitsu servers in Europe’s enterprise and government sectors, exploitation could affect financial institutions, healthcare providers, manufacturing, and public administration. The vulnerability’s exploitation complexity is moderate due to the specific username length condition, but once exploited, the consequences are severe. The absence of known exploits currently provides a window for proactive defense, but the risk of future exploitation remains significant.

Until an official patch is released, European organizations should implement strict network segmentation to isolate iRMC interfaces from general network access, restricting them to trusted management networks only. Enforce strong access controls and multi-factor authentication on management interfaces to reduce the risk of unauthorized access. Monitor network traffic for unusual access patterns to iRMC endpoints, especially attempts involving usernames of exactly 16 characters. Disable or limit Redfish and WebUI access if not required, or restrict it via firewall rules. Maintain an inventory of affected Fujitsu iRMC devices and prioritize their upgrade to firmware version 1.37S or later once available. Engage with Fujitsu support for guidance and early patch deployment. Additionally, conduct regular audits of server management logs to detect potential exploitation attempts. Implement compensating controls such as VPN access for management interfaces and enhanced logging and alerting on privilege escalations.