CVE-2025-7618
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-15
Assigner: ASUSTOR, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asustor | text_editor | 1.0.0.r112 |
| asustor | asustor_data_master | 4.3.3.rh61 |
| asustor | asustor_data_master | 4.1.0 |
| asustor | asustor_data_master | 5.0.0.rin1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7618 is a stored Cross-Site Scripting (XSS) vulnerability found in the File Explorer and Text Editor components of ASUSTOR Data Master (ADM). It allows an attacker to inject malicious scripts into these applications, which can then access browser cookies or other sensitive information used by the affected applications. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to execute malicious scripts within the affected applications, potentially leading to unauthorized access to sensitive information such as browser cookies. This could result in compromised user sessions or data leakage. [1]
What immediate steps should I take to mitigate this vulnerability?
As of the advisory date, no fixed releases are available yet. Immediate mitigation steps include avoiding use of the affected ADM File Explorer and Text Editor versions (ADM 4.1.0 to 4.3.3.RH61, ADM 5.0.0.RIN1 and earlier, and Text Editor 1.0.0.r112 and earlier), limiting user privileges to reduce risk, and exercising caution with user interactions that could trigger the vulnerability. Monitoring official ASUSTOR advisories for patches or updates is also recommended. [1]