CVE-2025-46617

HIGH

Quantum StorNext Web GUI API <7.2.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

References (1)

Core 1

Scores

CVSS v3 7.2
EPSS 0.0025
EPSS Percentile 16.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-798
Status published
Products (1)
Quantum/StorNext < 7.2.4
Published Apr 25, 2025
Tracked Since Feb 18, 2026