Published: 2025/05/26 Last Updated: 2025/05/26
JVN#39546799
Mailform Pro CGI generating error messages containing sensitive information
Overview
Mailform Pro CGI provided by SYNCK GRAPHICA generates error messages containing sensitive information.
Products Affected
- Mailform Pro CGI versions prior to 4.3.4
Description
Mailform Pro CGI provided by SYNCK GRAPHICA contains the following vulnerability.
- Generation of error message containing sensitive information (CWE-209)
  - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.3
  - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 3.7
  - CVE-2025-41441
Impact
A remote unauthenticated attacker may obtain coupon codes.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Credit
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.