Description
An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://www.asustor.com/security/security_advisory_detail?id=41
Scores
CVSS v4
6.0
EPSS
0.0013
EPSS Percentile
2.7%
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:Amber
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
ASUSTOR/ADM
4.1 - 4.3.1.R5A1
Published
Jul 09, 2025
Tracked Since
Feb 18, 2026