CVE-2025-7378
Description
An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ASUSTOR ADM improper input validation allows arbitrary config injection, leading to system misconfiguration and unexpected behavior.
Vulnerability
Overview CVE-2025-7378 is an improper input validation vulnerability in ASUSTOR ADM (versions 4.1.0 and below, as well as 4.3.1.R5A1 and below). The flaw permits an attacker to inject arbitrary values into the NAS configuration file, potentially breaking the file format and causing system misconfiguration [1].
Exploitation
An attacker with local access and low privileges could exploit this vulnerability. The attack complexity is low but requires physical or local network access (AV:L) and privileges (PR:L) [1]. Successful exploitation could lead to unexpected behavior of the NAS, such as configuration corruption.
Impact
According to the CVSS vector, the vulnerability has high impact on integrity and availability (VI:H/VA:H) with low confidentiality impact. An attacker could disrupt normal NAS operation or misconfigure the system, potentially causing denial of service or further compromise [1].
Mitigation
The issue is fixed in ADM version 4.3.1.R6C1 or above. Users are advised to upgrade their ADM firmware to the latest version to remediate the vulnerability [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.