7.1
CVE-2025-7699
- EPSS 0.04%
- Veröffentlicht 16.07.2025 09:41:12
- Zuletzt bearbeitet 16.07.2025 14:58:59
- Quelle security@asustor.com
- CVE-Watchlists
- Unerledigt
An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data. Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerASUSTOR
≫
Produkt
ADM
Default Statusunaffected
Version <=
4.3.3.RH61
Version
4.1.0
Status
affected
Version <=
5.0.0.RIN1
Version
5.0.0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.131 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@asustor.com | 7.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.