Incorrect Symbolic Link Following in ZSPACE Q2C NAS Device
CVE-2025-69431

6.1MEDIUM

Key Information:

Vendor: ZSPACE
Status: Q2C NAS
Vendor: CVE Published:; 3 February 2026

What is CVE-2025-69431?

The ZSPACE Q2C NAS is vulnerable due to incorrect handling of symbolic links, allowing attackers to exploit this flaw. By formatting a USB drive as ext4 and creating a symbolic link to its root directory, an attacker can insert the USB drive into the NAS device. This manipulation enables access to the USB drive's directory mounted on the NAS via the Samba protocol, permitting unauthorized retrieval and modification of files stored within the NAS system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.notion.so/ZSPACE-Incorrect-Symlink-Follow-2c2...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2026
Vulnerability Reserved
Jan 9, 2026

JSON

ZSPACE

What is CVE-2025-69431?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.