Unquoted File Path Vulnerability in NAS Navigator2 Windows by BUFFALO INC.
CVE-2025-61871

8.4 HIGH

Key Information:

Vendor
CVE Published: 10 October 2025

What is CVE-2025-61871?

The NAS Navigator2 Windows application developed by BUFFALO INC. registers its Windows service with an unquoted file path. A local attacker who has write access to the root directory of the system drive could use this to execute arbitrary code with SYSTEM privileges, compromising the integrity and security of the affected system.
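A defender can audit for the condition described above by checking each service's registered path for missing quotes. The following is an added example, not code from the advisory or from BUFFALO INC.; the function name `Test-UnquotedServicePath` and the sample paths are hypothetical and constructed for illustration.

```powershell
# Added example: flags service path registrations that are unquoted AND contain
# a space inside the executable path, which is the condition the CVE describes.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$ImagePath)

    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())

    # A path that starts with a double quote is registered correctly.
    if ($p.StartsWith('"')) { return $false }

    # Executable portion = everything up to and including the first ".exe";
    # anything after it is treated as service arguments.
    $m = [regex]::Match($p, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }

    # Unquoted and containing a space: Windows has to guess where the
    # executable name ends, so the registration should be quoted.
    return $m.Groups[1].Value.Contains(' ')
}

# Constructed sample values (not taken from the advisory or the product).
$samples = @(
    'C:\Program Files\Example Vendor\Example Service\svc.exe -run',
    '"C:\Program Files\Example Vendor\Example Service\svc.exe" -run',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
$samples | ForEach-Object { '{0,-5} {1}' -f (Test-UnquotedServicePath $_), $_ }

# On a live Windows host: list every service whose registration needs quoting.
if ($env:OS -eq 'Windows_NT') {
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, StartName, PathName
}
```

Only the first sample is flagged. A flagged NAS Navigator2 service on a host indicates a version prior to Ver.3.12.0 may be installed.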

Affected Version(s)

NAS Navigator2 (Windows version only) prior to Ver.3.12.0

CVSS V4

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

CVSS V3.0

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved