We use cookies to help us improve our webpage. Please read our Cookie Policy .

ASUSTOR Product Security Advisory

AS-2025-003: DataSync Center

2025-07-09

Severity

Important

Status

Resolved

Statement

A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206.

  • The issue has been fixed on DataSync Center 1.1.0.r208 for ADM 4.x.
  • The issue has been fixed on DataSync Center 1.2.0.r207 for ADM 5.0 and above.

Affected Products

Product Severity Fixed Release Availability
DataSync Center on ADM 5.0 Important Upgrade DataSync Center to 1.2.0.r207 or above.
DataSync Center on ADM 4.x Important Upgrade DataSync Center to 1.1.0.r208 or above.

Detail

  • CVE-2025-7379
    • Severity: Medium
    • CVSS4 Base Score: 5.2
    • CVSS4 Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H
    • A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206.

Revision

Revision Date Description
1 2025-07-09 Initial public release.
2 2025-07-09 CVE ID (CVE-2025-7379) is assigned for the issue.
3 2025-07-09 Release DataSync Center 1.1.0.r208 for ADM 4.x to fix the issue.
4 2025-07-09 Release DataSync Center 1.2.0.r207 for ADM 5.0 to fix the issue.