Access Control Flaw in EZ Sync Manager by Asustor
CVE-2025-7699

7.1 HIGH

Key Information:

Vendor: Asustor

Status
Vendor
CVE Published: 16 July 2025

What is CVE-2025-7699?

An access control issue was identified in the EZ Sync Manager of Asustor's ADM, which permits authenticated users to copy arbitrary files from the server's file system into their EZSync folders. This flaw arises from inadequate authorization checks on the file parameter in HTTP requests, enabling attackers to access files beyond their authorized boundaries if those files have read permissions set for other users at the operating system level. This can lead to unauthorized exposure of sensitive information, representing a significant security risk to users.
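The missing check described above, shown as an added Python example (not Asustor's code): a copy handler that trusts OS read permission alone, beside one that resolves the `file` parameter and requires it to fall inside the caller's authorized roots. The function names, the `allowed_roots` parameter and the directory layout are assumptions for illustration, and the sample tree is constructed in a temporary directory.

```python
import shutil
import tempfile
from pathlib import Path

def copy_unchecked(file_param, sync_dir):
    # "Before" pattern: the only gate is OS-level read permission.
    return shutil.copy(file_param, sync_dir)

def is_authorized(file_param, allowed_roots):
    # Resolve "..", symlinks and relative segments first, then require the
    # result to sit inside a root this user was explicitly granted.
    try:
        resolved = Path(file_param).resolve(strict=True)
    except OSError:
        return False
    return any(resolved.is_relative_to(Path(r).resolve()) for r in allowed_roots)

def copy_checked(file_param, sync_dir, allowed_roots):
    if not is_authorized(file_param, allowed_roots):
        raise PermissionError(f"not authorized for {file_param!r}")
    return shutil.copy(Path(file_param).resolve(), sync_dir)

def demo():
    # Constructed tree: one user share plus a readable file outside it.
    base = Path(tempfile.mkdtemp())
    share, outside = base / "home" / "alice", base / "etc"
    sync = share / "EZSync"
    sync.mkdir(parents=True)
    outside.mkdir()
    secret = outside / "app.conf"
    secret.write_text("token=constructed")
    (share / "notes.txt").write_text("mine")
    (share / "link.conf").symlink_to(secret)
    def denied(param):
        try:
            copy_checked(param, sync, [share])
        except PermissionError:
            return True
        return False
    out = {
        "unchecked_copies_outside_file": Path(copy_unchecked(secret, sync)).exists(),
        "own_file_allowed": not denied(share / "notes.txt"),
        "absolute_path_denied": denied(secret),
        "dotdot_denied": denied(share / ".." / ".." / "etc" / "app.conf"),
        "symlink_denied": denied(share / "link.conf"),
    }
    shutil.rmtree(base)
    return out
if __name__ == "__main__":
    print(demo())
```

The containment test runs on the resolved path, so a symlink placed inside the user's own share that points elsewhere is rejected along with absolute and `..` paths.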

Affected Version(s)

ADM Linux 4.1.0 <= 4.3.3.RH61

ADM Linux 5.0.0 <= 5.0.0.RIN1

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Engin Aydoğan