CVE-2025-7378 MEDIUM

CVE-2025-7378: An improper input validation vulnerability was found on manipulating configuration of ADM

Vendor Asustor
Product ADM
Weakness CWE-20 · Input validation
Published July 9, 2025
Last update July 9, 2025

CVSS base score

6.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/R:U/U:Amber

What the vulnerability does

01Description

An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1.

Key dates

02Disclosure timeline

July 9, 2025 CVE published
July 9, 2025 Record updated