CVE-2025-69431

Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS (affected versions not specified)

Description The ZSPACE Q2C NAS is affected by an issue involving incorrect symbolic link handling. An attacker can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device, and then access the drive’s directory via the Samba protocol. This allows unauthorized access to and modification of all files within the NAS system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.