SecuriTricks - CVE-2025-59479

Description

CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.

Product(s) Impacted

Vendor	Product	Versions
Inaba	Ib-mct001 Firmware Ib-mct001	- -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	inaba	ib-mct001_firmware	-	/	/	/	/	/	/	/
h	inaba	ib-mct001	-	/	/	/	/	/	/	/

References

https://jvn.jp/en/vu/JVNVU92827367/

https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf

CVSS Score

5.1 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: ACTIVE
Scope:
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Dec. 16, 2025, 5:16 a.m.
Last Modified: Dec. 23, 2025, 9:46 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

vultures@jpcert.or.jp

CVE-2025-59479