ASUSTOR ADM vulnerabilities
24 known vulnerabilities affecting asustor/adm.
Total CVEs: 24
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 6, MEDIUM 12, LOW 2
Vulnerabilities
Page 2 of 2
CVE-2025-7380 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 4.1.0, ≤ 4.3.3.RH61; ≥ 5.0.0, ≤ 5.0.0.RIN1 | 2025-07-14
A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM. The issue allows an attacker to inject malicious scripts into the folder name field while creating a new shared folder. These scripts are not properly sanitized and will be executed when the folder name is subsequently displayed in the user interface. This allows att
nvd
CVE-2023-3699 | P4 | MEDIUM | CVSS 5.5 | CWE-269 | ≥ 4.0, ≤ 4.0.6.RIS1; ≥ 4.1, ≤ 4.1.0.RLQ1; +1 more | 2023-08-22
An Improper Privilege Management vulnerability found in ASUSTOR Data Master (ADM) allows an unprivileged local user to modify the storage device configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
nvd
CVE-2026-24934 | P4 | LOW | CVSS 3.7 | CWE-295 | ≥ 4.1.0, ≤ 4.3.3.ROF1; ≥ 5.0.0, ≤ 5.1.1.RCI1 | 2026-02-03
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its DDNS record with an incorrect IP address.
Affected prod
nvd
CVE-2025-13053 | P4 | LOW | CVSS 3.7 | CWE-311 | ≥ 4.1.0, ≤ 4.3.3.RKD2; ≥ 5.0.0, ≤ 5.1.0.RN42 | 2025-12-12
When a user configures the NAS to retrieve UPS status or control the UPS, non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server to perform a man-in-the-middle (MITM) attack, which may obtain sensitive information about the UPS server configuration.
This issue affects ADM: fro
nvd