CVE-2025-7699
BaseFortify
Publication date: 2025-07-16
Last updated on: 2025-07-16
Assigner: ASUSTOR, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asustor | asustor_data_master | 4.3.3.rh61 |
| asustor | asustor_data_master | 4.1.0 |
| asustor | asustor_data_master | 5.0.0.rin1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper access control issue in the EZ Sync Manager of ADM. It allows authenticated users to copy arbitrary files from the server's file system into their own EZSync folder because the system lacks proper authorization checks on the file parameter in HTTP requests. As a result, attackers can access files outside their authorized scope if those files have readable permissions for other users on the operating system.
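The missing check described above, sketched from the defender's side as an added example (not ASUSTOR's code): a copy handler that relies only on OS read permission, next to one that canonicalises the requested path and confirms it lies inside the caller's own folders. The function names, folder layout and file names are hypothetical and constructed for the demonstration; a POSIX file system is assumed.

```python
import os
import tempfile


class AccessDenied(Exception):
    """The requested path is outside the caller's authorized folders."""


def readable_by_os(path: str) -> bool:
    # Weak pattern: the only gate is the file's OS permission bits.
    return os.access(path, os.R_OK)


def authorize_source(requested: str, allowed_roots: list[str]) -> str:
    # Canonicalise first so ".." segments and symlinks cannot escape a root.
    real = os.path.realpath(requested)
    for root in allowed_roots:
        real_root = os.path.realpath(root)
        if os.path.commonpath([real, real_root]) == real_root:
            return real  # copy from this canonical path, not the raw input
    raise AccessDenied(requested)


def demo() -> dict:
    # Constructed layout: two users' folders under a temporary directory.
    with tempfile.TemporaryDirectory() as base:
        alice = os.path.join(base, "alice")
        bob = os.path.join(base, "bob")
        os.makedirs(alice)
        os.makedirs(bob)
        own = os.path.join(alice, "notes.txt")
        other = os.path.join(bob, "payroll.txt")
        for p in (own, other):
            with open(p, "w") as f:
                f.write("constructed sample\n")
        os.chmod(other, 0o644)  # readable by other OS users
        link = os.path.join(alice, "link")
        os.symlink(other, link)  # symlink inside alice's folder pointing out
        results = {"os_only_allows_other": readable_by_os(other)}
        for name, path in [("own", own), ("other", other),
                           ("dotdot", os.path.join(alice, "..", "bob", "payroll.txt")),
                           ("symlink", link)]:
            try:
                authorize_source(path, [alice])
                results[name] = "allowed"
            except AccessDenied:
                results[name] = "denied"
        return results
```

Calling `demo()` shows the OS-permission check accepting the other user's file while the per-user root check rejects it, including when it is reached through `..` or a symlink.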
How can this vulnerability impact me?
The vulnerability can lead to unauthorized exposure of sensitive data by allowing attackers to access and copy files they should not have permission to access. This can compromise confidentiality and potentially lead to data breaches or leakage of sensitive information stored on the server.