PT-2025-29718 · Adm · Adm

Engin Aydoğan · Published 2025-07-16 · Updated 2025-07-18 · CVE-2025-7699

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

ADM versions 4.1.0 through 4.3.3.RH61
ADM version 5.0.0.RIN1 and earlier

Description

An improper access control vulnerability exists in the EZ Sync Manager of ADM. Authenticated users can copy arbitrary files from the server file system into their EZSync folder due to a lack of authorization checks on the file parameter of the HTTP request. This allows attackers to access files outside their authorized scope, potentially leading to unauthorized exposure of sensitive data, provided the file has readable permissions for other users on the underlying OS.

Recommendations

ADM versions prior to 4.1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
ADM versions 4.1.0 through 4.3.3.RH61: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
ADM version 5.0.0.RIN1 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
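
The Description attributes the flaw to a missing authorization check on the file parameter of a server-side copy. The sketch below is an added example, not ADM code and not part of this advisory: it contrasts that pattern with a source-path check that canonicalises the path and confines it to the caller's authorized folders. The function names, `allowed_roots` and the sample directory tree are hypothetical and constructed for illustration.

```python
import os
import tempfile

def copy_source_vulnerable(file_param: str) -> str:
    """Pattern the advisory describes: the path is used as supplied."""
    return file_param  # only OS file permissions stand in the way

def copy_source_checked(file_param: str, allowed_roots: list[str]) -> str:
    """Return the canonical source path or raise PermissionError.
    allowed_roots is hypothetical: folders this user may read via the app."""
    if "\x00" in file_param or not os.path.isabs(file_param):
        raise PermissionError("file parameter must be an absolute path")
    # Canonicalise first so '..' segments and symlinks cannot hide the target.
    real = os.path.realpath(file_param)
    for root in allowed_roots:
        real_root = os.path.realpath(root)
        # commonpath compares whole components: /share/alice2 is not
        # treated as being inside /share/alice.
        if os.path.commonpath([real, real_root]) == real_root:
            return real
    raise PermissionError("source is outside the caller's authorized scope")

def build_sample_tree() -> dict:
    """Constructed sample layout in a temp dir (not taken from ADM)."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "share", "alice")  # caller's authorized folder
    sibling_dir = os.path.join(base, "share", "alice2")
    os.makedirs(root)
    os.makedirs(sibling_dir)
    paths = {"root": root,
             "own": os.path.join(root, "notes.txt"),
             "sibling": os.path.join(sibling_dir, "notes.txt"),
             "outside": os.path.join(base, "secret.txt"),
             "link": os.path.join(root, "link.txt")}
    for key in ("own", "sibling", "outside"):
        with open(paths[key], "w") as fh:
            fh.write(key)
    os.symlink(paths["outside"], paths["link"])  # symlink leaving the folder
    return paths

if __name__ == "__main__":
    t = build_sample_tree()
    for key in ("own", "outside", "link", "sibling"):
        try:
            print(key, "->", copy_source_checked(t[key], [t["root"]]))
        except PermissionError as exc:
            print(key, "-> denied:", exc)
```

The copy should then read from the returned canonical path rather than the original parameter, so the file that was checked is the file that is copied.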

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2025-7699

Affected Products: Adm