Improper Input Validation in ASUSTOR ADM by ASUSTOR
CVE-2025-7378

6MEDIUM

Key Information:

Vendor

Asustor

Status
Vendor
CVE Published:
9 July 2025

What is CVE-2025-7378?

An improper input validation issue exists in ASUSTOR ADM that allows attackers to inject arbitrary values into the NAS configuration file. This flaw can lead to significant system misconfigurations, potentially causing the NAS to malfunction and exhibit unpredictable behavior. Affected users should ensure they are running a secure version and apply relevant updates to mitigate risks.

Affected Version(s)

ADM Linux 4.1 < 4.3.1.R5A1

References

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-7378 : Improper Input Validation in ASUSTOR ADM by ASUSTOR