HIKSEMI NAS CVE-2026-22625
MEDIUMSeverity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
AnalysisAI
HIKSEMI NAS devices improperly validate filenames, allowing attackers with physical access to traverse directory structures and read sensitive system files. This vulnerability affects confidentiality but requires local presence and no authentication, making it a risk primarily in physically accessible environments. No patch is currently available for this issue.
Technical ContextAI
Classified as CWE-22 (Path Traversal). Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
Affected ProductsAI
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
RemediationAI
Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today