CVE-2026-32325 Fsas Technologies Inc. CVE debrief

Who should care

Organizations running FUJITSU ServerView Agents for Windows V11.60.04 or earlier on production servers. System administrators responsible for Windows server hardening and privilege management. Security teams monitoring for local privilege escalation vectors in data center and enterprise environments.

Technical summary

The vulnerability exists in ServerView Agents for Windows versions V11.60.04 and earlier. A local authenticated attacker with the ability to log in to the affected server can exploit a privilege chaining weakness (CWE-268) to obtain SYSTEM-level privileges. The CVSS:4.0 vector indicates local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and high impact to confidentiality, integrity, and availability of the vulnerable system (VC:H/VI:H/VA:H). The vulnerability does not affect subsequent system scope (SC:N/SI:N/SA:N).

Defensive priority

HIGH

Recommended defensive actions

• Apply the vendor-provided update for ServerView Agents for Windows beyond V11.60.04 as referenced in the FUJITSU security advisory.
• Restrict local interactive logon to servers running affected ServerView Agents to authorized administrators only.
• Monitor for anomalous privilege escalation attempts on systems where ServerView Agents are installed.
• Review and validate vendor attribution during triage, as current source confidence is low.

Evidence notes

Vendor attribution is inferred from the fsastech.com domain (FUJITSU's security portal) and JPCERT/CC coordination. The vendor field in source data is marked low-confidence and needs review.

Official resources