CVE-2025-61871 MEDIUM

CVE-2025-61871

Vendor Buffalo Inc.
Product NAS Navigator2 (Windows version only)
Weakness CWE-428
Published October 10, 2025
Last update October 10, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Key dates

02Disclosure timeline

October 10, 2025 CVE published
October 10, 2025 Record updated