cbcvebase.
CVE-2025-7378
published 2025-07-09

CVE-2025-7378: An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to…

PriorityP428medium6CVSS 4.0
AVLACLATPPRLUIPVCLVIHVAHSCLSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRUVXREXUAmber
EPSS
0.13%
2.7th percentile
An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1.

Affected

1 ranges
VendorProductVersion rangeFixed in
asustoradm>= 4.1 < 4.3.1.R5A14.3.1.R5A1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.