We use cookies to help us improve our webpage. Please read our Cookie Policy .

AS-2025-002: ADM

2025-07-09

Severity

Important

Status

Resolved


Statement

An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. Affected products and versions include: 4.1.0 and below as well as ADM 4.3.1.R5A1 and below.

  • The issue has been fixed on ADM 4.3.1.R6C1.

Affected Products

Product Severity Fixed Release Availability
ADM 4.3, ADM 4.2 and 4.1 Important Upgrade to ADM 4.3.1.R6C1 or above.

Detail

  • CVE-2025-7378
    • Severity: Medium
    • CVSS4 Base Score: 6
    • CVSS4 Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/R:U/U:Amber
    • An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior.This issue affects ADM: from 4.1 before 4.3.1.R5A1.

Revision

Revision Date Description
1 2025-07-09 Initial public release.
2 2025-07-09 CVE ID (CVE-2025-7378) is assigned for the issue.
3 2025-07-09 ADM ADM 4.3.1.R6C1 has been released for fixing the issue.