logo_clicknbuy.png

CVE-2025-7378 – ASUSTOR ADM NAS Configuration File Injection Vulnerability

The following table lists the changes that have been made to the
CVE-2025-7378 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • CVE Modified
    by [email protected]

    Jul. 09, 2025

    Action Type Old Value New Value
    Changed Description Improper Input Validation vulnerability

    allows injecting arbitrary values of the NAS configuration file

    in ASUSTOR ADM

    . This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.
    This issue affects ADM: from 4.1 before 4.3.1.R5A1.

    		 An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.
    This issue affects ADM: from 4.1 before 4.3.1.R5A1.
  • New CVE Received
    by [email protected]

    Jul. 09, 2025

    Action Type Old Value New Value
    Added Description Improper Input Validation vulnerability

    allows injecting arbitrary values of the NAS configuration file

    in ASUSTOR ADM

    . This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.
    This issue affects ADM: from 4.1 before 4.3.1.R5A1.
    Added CVSS V4.0 AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:Amber
    Added CWE CWE-20
    Added Reference https://www.asustor.com/security/security_advisory_detail?id=41
Share the Post:

Related Posts