CVE-2025-69431

MEDIUM
2026-02-03 [email protected]
6.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Feb 11, 2026 - 16:14 vuln.today
Public exploit code
CVE Published
Feb 03, 2026 - 18:16 nvd
MEDIUM 6.1

Tags

Path Traversal Q2c Firmware

Description

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Samba protocol. This allows them to obtain all files within the NAS system and tamper with those files.

Analysis

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. [CVSS 6.1 MEDIUM]

Technical Context

Classified as CWE-59 (Improper Link Resolution Before File Access). Affects Q2C Firmware. The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Samba protocol. This allows them to obtain all files within the NAS system and tamper with those files.

Affected Products

Vendor: Zspace. Product: Q2C Firmware.

Remediation

Monitor vendor advisories for a patch.

Priority Score

51
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +30
POC: +20

Share

CVE-2025-69431 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy