CVE-2025-66954 | THREATINT

Description

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint.

PUBLISHED Reserved 2025-12-08 | Published 2026-04-20 | Updated 2026-04-20 | Assigner mitre

References

github.com/DBmonster19/CVE-2025-66954

cve.org (CVE-2025-66954)

nvd.nist.gov (CVE-2025-66954)

Download JSON