CVE-2025-46617 | THREATINT

Description

Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

PUBLISHED Reserved 2025-04-25 | Published 2025-04-25 | Updated 2025-04-25 | Assigner mitre

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-798 Use of Hard-coded Credentials

Product status

Default status

unaffected

Any version before 7.2.4

affected

References

www.quantum.com/...xt-gui-multiple-security-vulnerabilities/

cve.org (CVE-2025-46617)

nvd.nist.gov (CVE-2025-46617)

Download JSON