CVE-2025-69429

Exploit

EPSS 0.01%
Veröffentlicht 03.02.2026 00:00:00
Zuletzt bearbeitet 11.02.2026 16:40:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, then access the USB drive's symlink directory mounted on the NAS to obtain all files within the NAS system and tamper with those files.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Orico ≫ Cd3510 Firmware Version <= 1.9.12

Orico ≫ Cd3510 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.009

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	0.9	5.2	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://www.notion.so/ORICO-NAS-Incorrect-Symlink-Follow-2c36cf4e528a80b7bf0be4dcac758419?source=copy_link

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-69429

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-69429

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-69429

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-69429