Search
Find a vulnerability
Search criteria
5 vulnerabilities by OPEN, Inc.
CVE-2025-31932 (GCVE-0-2025-31932)
Vulnerability from nvd – Published: 2025-04-11 09:38 – Updated: 2025-04-11 14:34
VLAI
Summary
Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.
The vendor provides the workaround information and recommends to apply it to the deployment environment.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of untrusted data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OPEN, Inc. | BizRobo! |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:34:41.494488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:34:57.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BizRobo!",
"vendor": "OPEN, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of untrusted data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T09:38:50.657Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271"
},
{
"url": "https://jvn.jp/en/jp/JVN30641875/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31932",
"datePublished": "2025-04-11T09:38:50.657Z",
"dateReserved": "2025-04-02T01:34:59.088Z",
"dateUpdated": "2025-04-11T14:34:57.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31362 (GCVE-0-2025-31362)
Vulnerability from nvd – Published: 2025-04-11 09:38 – Updated: 2025-04-11 14:36
VLAI
Summary
Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.
The vendor provides the workaround information and recommends to apply it to the deployment environment.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OPEN, Inc. | BizRobo! |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:36:14.079306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:36:44.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BizRobo!",
"vendor": "OPEN, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T09:38:43.242Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271"
},
{
"url": "https://jvn.jp/en/jp/JVN30641875/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31362",
"datePublished": "2025-04-11T09:38:43.242Z",
"dateReserved": "2025-04-02T01:34:56.875Z",
"dateUpdated": "2025-04-11T14:36:44.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31932 (GCVE-0-2025-31932)
Vulnerability from cvelistv5 – Published: 2025-04-11 09:38 – Updated: 2025-04-11 14:34
VLAI
Summary
Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.
The vendor provides the workaround information and recommends to apply it to the deployment environment.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of untrusted data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OPEN, Inc. | BizRobo! |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:34:41.494488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:34:57.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BizRobo!",
"vendor": "OPEN, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of untrusted data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T09:38:50.657Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271"
},
{
"url": "https://jvn.jp/en/jp/JVN30641875/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31932",
"datePublished": "2025-04-11T09:38:50.657Z",
"dateReserved": "2025-04-02T01:34:59.088Z",
"dateUpdated": "2025-04-11T14:34:57.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31362 (GCVE-0-2025-31362)
Vulnerability from cvelistv5 – Published: 2025-04-11 09:38 – Updated: 2025-04-11 14:36
VLAI
Summary
Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.
The vendor provides the workaround information and recommends to apply it to the deployment environment.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OPEN, Inc. | BizRobo! |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:36:14.079306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:36:44.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BizRobo!",
"vendor": "OPEN, Inc.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available.\r\nThe vendor provides the workaround information and recommends to apply it to the deployment environment."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T09:38:43.242Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39951710517145"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39952052043289"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/39953373809305"
},
{
"url": "https://knowledge.bizrobo.com/hc/ja/articles/360029772271"
},
{
"url": "https://jvn.jp/en/jp/JVN30641875/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31362",
"datePublished": "2025-04-11T09:38:43.242Z",
"dateReserved": "2025-04-02T01:34:56.875Z",
"dateUpdated": "2025-04-11T14:36:44.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2025-000026
Vulnerability from jvndb - Published: 2025-04-10 15:36 - Updated:2025-04-10 15:36
Severity
Summary
Multiple vulnerabilities in BizRobo!
Details
BizRobo! is an RPA (Robotic Process Automation) software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application Management Console is provided to schedule RPA execution and to check the execution logs.
BizRobo! contains multiple vulnerabilities listed below.
- Use of hard-coded cryptographic key (CWE-321) - CVE-2025-31362
- Deserialization of untrusted data in the import function (CWE-502) - CVE-2013-7285
- Deserialization of untrusted data in Design Studio license authorization (CWE-502) - CVE-2025-31932
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000026.html",
"dc:date": "2025-04-10T15:36+09:00",
"dcterms:issued": "2025-04-10T15:36+09:00",
"dcterms:modified": "2025-04-10T15:36+09:00",
"description": "BizRobo! is an RPA (Robotic Process Automation) software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application Management Console is provided to schedule RPA execution and to check the execution logs.\r\n\r\nBizRobo! contains multiple vulnerabilities listed below. \u003cul\u003e\u003cli\u003eUse of hard-coded cryptographic key (CWE-321) - CVE-2025-31362\u003c/li\u003e\u003cli\u003eDeserialization of untrusted data in the import function (CWE-502) - \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2013-7285\"\u003eCVE-2013-7285\u003c/a\u003e\u003c/li\u003e\u003cli\u003eDeserialization of untrusted data in Design Studio license authorization (CWE-502) - CVE-2025-31932\u003c/li\u003e\u003c/ul\u003e\r\nMasamu Asato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000026.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:open_bizrobo%21",
"@product": "BizRobo!",
"@vendor": "OPEN, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:open_bizrobo%21",
"@product": "BizRobo!",
"@vendor": "OPEN, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000026",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN30641875/index.html",
"@id": "JVN#30641875",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-31362",
"@id": "CVE-2025-31362",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-31932",
"@id": "CVE-2025-31932",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in BizRobo!"
}