CVE-2025-7380
Description
A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM. The issue allows an attacker to inject malicious scripts into the folder name field while creating a new shared folder. These scripts are not properly sanitized and are executed when the folder name is subsequently displayed in the user interface. This allows attackers to execute arbitrary JavaScript in the context of another user's session, potentially accessing session cookies or other sensitive data. Affected products and versions include: ADM 4.1.0 to ADM 4.3.3.RH61, as well as ADM 5.0.0.RIN1 and earlier.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stored XSS vulnerability in ASUSTOR ADM allows attackers to inject malicious scripts via folder names, compromising user sessions.
The vulnerability is a stored Cross-Site Scripting (XSS) flaw in the Access Control module of ASUSTOR's ADM operating system [1]. The root cause is insufficient sanitization of the folder name field when creating shared folders, allowing an attacker to inject arbitrary JavaScript code [1].
To exploit this, an attacker must have network access to the ADM interface and the ability to create a shared folder (requiring authentication). The injected script is stored on the server and executed when another user views the folder name in the UI [1].
Successful exploitation enables the attacker to execute arbitrary JavaScript in the context of the victim's session, potentially accessing session cookies or other sensitive data [1].
ASUSTOR has addressed the issue in ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1, and recommends upgrading affected versions (ADM 4.1.0 to 4.3.3.RH61, and ADM 5.0.0.RIN1 and earlier) [1].
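The flaw class described above, as an added example that is not ASUSTOR's code and not taken from the advisory: a folder name concatenated into markup unencoded, next to the two defensive layers (allow-list validation at creation, output encoding at display). All function names, the naming policy and the sample data are assumptions constructed for illustration.

```javascript
// Added example: constructed code, not ADM's implementation.
// Hypothetical names: escapeHtml, isValidFolderName, renderFolderRowUnsafe,
// renderFolderRowSafe, audit.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation at creation time: character allow-list plus a length limit.
// This policy is an assumption; the page does not document ADM's naming rules.
function isValidFolderName(name) {
  return typeof name === 'string' && /^[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}$/.test(name);
}

// Vulnerable pattern: the stored name is placed into markup as-is.
function renderFolderRowUnsafe(name) {
  return '<td class="folder-name" title="' + name + '">' + name + '</td>';
}

// Hardened pattern: encode at the point of output, whatever was stored.
function renderFolderRowSafe(name) {
  const safe = escapeHtml(name);
  return '<td class="folder-name" title="' + safe + '">' + safe + '</td>';
}

// Constructed sample data: one ordinary name and one name carrying markup.
const storedNames = ['Media', '"><img src=x onerror=alert(1)>'];

// Report, per stored name, whether creation-time validation would accept it
// and whether each renderer lets an element through into the page.
function audit(names) {
  return names.map((name) => ({
    name,
    acceptedAtCreate: isValidFolderName(name),
    unsafeHasTag: /<img\b/i.test(renderFolderRowUnsafe(name)),
    safeHasTag: /<img\b/i.test(renderFolderRowSafe(name)),
  }));
}

console.log(audit(storedNames));
```

Encoding at output is the layer that also covers names stored before any validation was introduced, which is why both checks are shown.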
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.