CVE-2025-7378 | THREATINT

Description

An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1.

PUBLISHED Reserved 2025-07-09 | Published 2025-07-09 | Updated 2025-07-09 | Assigner ASUSTOR1

MEDIUM: 6.0CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/R:U/U:Amber

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

4.1 (custom) before 4.3.1.R5A1

affected

References

www.asustor.com/security/security_advisory_detail?id=41 vendor-advisory

cve.org (CVE-2025-7378)

nvd.nist.gov (CVE-2025-7378)

Download JSON