{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-12049","assignerOrgId":"f2760a35-e0d8-4637-ac4c-cc1a2de3e282","state":"PUBLISHED","assignerShortName":"NEC","dateReserved":"2025-10-22T00:22:02.916Z","datePublished":"2025-12-22T05:05:25.588Z","dateUpdated":"2025-12-22T17:07:30.700Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"Media Player MP-01","vendor":"Sharp Display Solutions, Ltd.","versions":[{"status":"affected","version":"All versions"}]}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Souvik Kandar of MicroSec (microsec.io)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication."}],"value":"Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication."}],"metrics":[{"cvssV4_0":{"attackComplexity":"HIGH","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":9.2,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"CWE-306: Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f2760a35-e0d8-4637-ac4c-cc1a2de3e282","shortName":"NEC","dateUpdated":"2025-12-22T05:05:25.588Z"},"references":[{"url":"https://sharp-displays.jp.sharp/global/support/info/MP01-CVE-2025-12049.html"}],"source":{"discovery":"EXTERNAL"},"tags":["unsupported-when-assigned"],"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-22T17:07:00.976136Z","id":"CVE-2025-12049","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-22T17:07:30.700Z"}}]}}