Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/R:U/U:Amber
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/R:U/U:Amber
Lifecycle Timeline
4DescriptionCVE.org
An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1.
AnalysisAI
A security vulnerability in An improper Input Validation vulnerability (CVSS 6.0) that allows injecting arbitrary values of the nas configuration file. Remediation should follow standard vulnerability management procedures.
Technical ContextAI
CWE-20 (Improper Input Validation). Affects An improper Input Validation vulnerability.
RemediationAI
Monitor vendor channels for patch availability.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20789