{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-7378", "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77", "state": "PUBLISHED", "assignerShortName": "ASUSTOR1", "dateReserved": "2025-07-09T06:11:51.237Z", "datePublished": "2025-07-09T07:06:08.150Z", "dateUpdated": "2025-07-09T13:54:52.248Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux", "x86", "ARM", "64 bit"], "product": "ADM", "vendor": "ASUSTOR", "versions": [{"lessThan": "4.3.1.R5A1", "status": "affected", "version": "4.1", "versionType": "custom"}]}], "datePublic": "2025-07-09T07:05:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.<br>This issue affects ADM: from 4.1 before 4.3.1.R5A1."}], "value": "An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.\nThis issue affects ADM: from 4.1 before 4.3.1.R5A1."}], "impacts": [{"capecId": "CAPEC-75", "descriptions": [{"lang": "en", "value": "CAPEC-75 Manipulating Writeable Configuration Files"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/R:U/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77", "shortName": "ASUSTOR1", "dateUpdated": "2025-07-09T08:43:51.598Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.asustor.com/security/security_advisory_detail?id=41"}], "source": {"discovery": "UNKNOWN"}, "title": "An improper input validation vulnerability was found on manipulating configuration of ADM", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-09T13:50:25.186642Z", "id": "CVE-2025-7378", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T13:54:52.248Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7378", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-09T13:50:25.186642Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T13:54:46.082Z"}}], "cna": {"title": "An improper input validation vulnerability was found on manipulating configuration of ADM", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-75", "descriptions": [{"lang": "en", "value": "CAPEC-75 Manipulating Writeable Configuration Files"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/R:U/U:Amber", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ASUSTOR", "product": "ADM", "versions": [{"status": "affected", "version": "4.1", "lessThan": "4.3.1.R5A1", "versionType": "custom"}], "platforms": ["Linux", "x86", "ARM", "64 bit"], "defaultStatus": "unaffected"}], "datePublic": "2025-07-09T07:05:00.000Z", "references": [{"url": "https://www.asustor.com/security/security_advisory_detail?id=41", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.\nThis issue affects ADM: from 4.1 before 4.3.1.R5A1.", "supportingMedia": [{"type": "text/html", "value": "An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.<br>This issue affects ADM: from 4.1 before 4.3.1.R5A1.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77", "shortName": "ASUSTOR1", "dateUpdated": "2025-07-09T08:43:51.598Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7378", "state": "PUBLISHED", "dateUpdated": "2025-07-09T13:54:52.248Z", "dateReserved": "2025-07-09T06:11:51.237Z", "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77", "datePublished": "2025-07-09T07:06:08.150Z", "assignerShortName": "ASUSTOR1"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.\nThis issue affects ADM: from 4.1 before 4.3.1.R5A1."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta permite inyectar valores arbitrarios del archivo de configuraci\u00f3n del NAS en ASUSTOR ADM. Esto podr\u00eda provocar una configuraci\u00f3n incorrecta del sistema y alterar el formato del archivo de configuraci\u00f3n, provocando un comportamiento inesperado del NAS. Este problema afecta a ADM desde la versi\u00f3n 4.1 hasta la 4.3.1.R5A1."}], "id": "CVE-2025-7378", "lastModified": "2025-07-10T13:17:30.017", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@asustor.com", "type": "Secondary"}]}, "published": "2025-07-09T07:15:24.667", "references": [{"source": "security@asustor.com", "url": "https://www.asustor.com/security/security_advisory_detail?id=41"}], "sourceIdentifier": "security@asustor.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@asustor.com", "type": "Secondary"}]}

{}

{"created": "2025-07-13T21:08:05.371947+00:00", "updated": "2025-07-13T21:08:05.372020+00:00", "vendors": ["asustor", "asustor$PRODUCT$adm"]}