Skip to main content

ASUSTOR ADM. This CVE-2025-7378

| EUVDEUVD-2025-20789 MEDIUM
Improper Input Validation (CWE-20)
2025-07-09 security@asustor.com
6.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/R:U/U:Amber

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/R:U/U:Amber
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
4.3.1.R5A1
EUVD ID Assigned
Mar 16, 2026 - 06:20 euvd
EUVD-2025-20789
Analysis Generated
Mar 16, 2026 - 06:20 vuln.today
CVE Published
Jul 09, 2025 - 07:15 nvd
MEDIUM 6.0

DescriptionCVE.org

An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1.

AnalysisAI

A security vulnerability in An improper Input Validation vulnerability (CVSS 6.0) that allows injecting arbitrary values of the nas configuration file. Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-20 (Improper Input Validation). Affects An improper Input Validation vulnerability.

RemediationAI

Monitor vendor channels for patch availability.

Share

CVE-2025-7378 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy