CVE-2025-7378

An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1.

CVSS

No CVSS.

References

Link	Resource
https://www.asustor.com/security/security_advisory_detail?id=41

Configurations

No configuration.

History

10 Jul 2025, 13:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-09 07:15

Updated : 2025-07-10 13:17

NVD link : CVE-2025-7378

Mitre link : CVE-2025-7378

CVE.ORG link : CVE-2025-7378

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-7378", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@asustor.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-09T07:15:24.667", "references": [{"url": "https://www.asustor.com/security/security_advisory_detail?id=41", "source": "security@asustor.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@asustor.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.\nThis issue affects ADM: from 4.1 before 4.3.1.R5A1."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta permite inyectar valores arbitrarios del archivo de configuraci\u00f3n del NAS en ASUSTOR ADM. Esto podr\u00eda provocar una configuraci\u00f3n incorrecta del sistema y alterar el formato del archivo de configuraci\u00f3n, provocando un comportamiento inesperado del NAS. Este problema afecta a ADM desde la versi\u00f3n 4.1 hasta la 4.3.1.R5A1."}], "lastModified": "2025-07-10T13:17:30.017", "sourceIdentifier": "security@asustor.com"}

CVE-2025-7378

JSON object

Attach tags to CVE-2025-7378

Attach tags to `CVE-2025-7378`