PT-2025-28858 · Asustor · Asustor Adm
Published
2025-07-09
·
Updated
2025-07-09
·
CVE-2025-7378
CVSS v4.0
6.0
Medium
| Vector | AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:Amber |
Name of the Vulnerable Software and Affected Versions:
ASUSTOR ADM versions 4.1 through 4.3.1.R5A0
Description:
The issue is related to improper input validation, allowing arbitrary values to be injected into the NAS configuration file. This could lead to system misconfiguration, breaking the format of the configuration file, and causing the NAS to exhibit unexpected behavior.
Recommendations:
For ASUSTOR ADM versions 4.1 through 4.3.1.R5A0, update to version 4.3.1.R5A1 to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asustor Adm