CVE-2025-13053
TLS Certificate Verification Bypass in Asustor ADM Enables MITM Attack
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: ASUSTOR, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asustor | adm | 5.1.0.rn42 |
| asustor | adm | 4.3.3.rkd2 |
| asustor | adm | 4.1.0 |
| asustor | adm | 5.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-311 | The product does not encrypt sensitive or critical information before storage or transmission. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when a user configures the NAS to retrieve UPS status or control the UPS, but the TLS certificate verification is not properly enforced. This allows an attacker who can intercept the network traffic between the client and server to perform a man-in-the-middle (MITM) attack, potentially obtaining sensitive information related to the UPS server configuration.
How can this vulnerability impact me?
The vulnerability can allow an attacker to intercept and access sensitive information about the UPS server configuration by performing a man-in-the-middle attack. This could lead to unauthorized access or manipulation of UPS status and control data, potentially compromising the security and reliability of the UPS management.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
As of the advisory date, no fixed releases are available to address this vulnerability. Immediate mitigation steps include avoiding configuring the NAS to retrieve UPS status or control the UPS until a patch is released, minimizing network exposure of the ADM device, and monitoring network traffic for suspicious man-in-the-middle activity. Since the vulnerability involves non-enforced TLS certificate verification, ensuring that any TLS connections to the UPS server are secured and verified by other means may help reduce risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic between the NAS and the UPS server for unencrypted or improperly validated TLS connections. Since the issue involves non-enforced TLS certificate verification allowing man-in-the-middle attacks, you can use network analysis tools like Wireshark or tcpdump to capture and inspect the TLS handshake and verify if certificate validation is properly enforced. For example, you can use the command `tcpdump -i <interface> port <UPS communication port>` to capture traffic and then analyze it for signs of unencrypted or weak TLS usage. Additionally, checking the NAS UPS configuration settings for TLS certificate enforcement can help identify vulnerable setups. However, no specific detection commands are provided in the available resources. [1]
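The mitigation and detection answers above both turn on one question: does the UPS client actually authenticate the server's certificate, or does it only encrypt? The script below is an added example, not Asustor ADM code and not taken from this advisory. It puts the vulnerable client configuration (any certificate accepted) beside one that enforces verification, adds a small audit check that a client implementation can run on its own TLS context, and, when the openssl CLI is available, starts a throwaway self-signed server on localhost to show how each client behaves against a certificate that nothing in its trust store vouches for. The function names, the `UPS STATUS OL` banner and the localhost server are constructed for the demonstration; ADM's real UPS protocol and port are not described on this page.

```python
"""Added example for CVE-2025-13053's failure mode: a TLS client that enforces
certificate verification versus one that does not. Constructed for illustration;
this is not Asustor ADM code and the 'UPS STATUS' banner is not ADM's protocol."""
import os
import shutil
import socket
import ssl
import subprocess
import tempfile
import threading


def strict_client_context(ca_file=None):
    """Authenticate the server: trusted chain plus hostname match. ca_file=None uses
    the system trust store; passing the UPS server's own cert pins that anchor."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def lax_client_context():
    """The vulnerable pattern: encrypted transport, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_enforces_verification(ctx):
    """Config audit: both settings are required for verification to be enforced."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def probe_ups_server(host, port, ctx, server_hostname):
    """Open a TLS session and return (ok, detail). ok=False means the client refused
    the handshake; a lax client reports ok=True but with an unverified peer."""
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=server_hostname) as tls:
                tls.recv(64)  # consume the server banner
                cert = tls.getpeercert()  # empty dict when the cert was not validated
                if not cert:
                    return True, "peer certificate not verified"
                cn = dict(rdn[0] for rdn in cert["subject"]).get("commonName", "?")
                return True, f"verified, peer CN={cn}"
    except ssl.SSLError as exc:
        return False, getattr(exc, "verify_message", exc.reason)


def _self_signed_cert(tmpdir):
    """Constructed fixture: a throwaway self-signed cert made with the openssl CLI,
    or None if openssl is not installed (the live demo is then skipped)."""
    if shutil.which("openssl") is None:
        return None
    key, crt = os.path.join(tmpdir, "key.pem"), os.path.join(tmpdir, "cert.pem")
    cmd = ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
           "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
           "-keyout", key, "-out", crt]
    return (key, crt) if subprocess.run(cmd, capture_output=True).returncode == 0 else None


def _serve(server_ctx, listener, count):
    """Accept `count` connections; handshakes aborted by a strict client are expected."""
    for _ in range(count):
        try:
            with server_ctx.wrap_socket(listener.accept()[0], server_side=True) as tls:
                tls.sendall(b"UPS STATUS OL\n")  # constructed reply, not ADM's protocol
        except (ssl.SSLError, OSError):
            pass


def demo():
    """Probe a local self-signed server with three client configurations.
    Returns None when openssl is unavailable, else {name: (ok, detail)}."""
    with tempfile.TemporaryDirectory() as tmp:
        files = _self_signed_cert(tmp)
        if files is None:
            return None
        key, crt = files
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(crt, key)
        listener = socket.socket()
        listener.bind(("127.0.0.1", 0))
        listener.listen(5)
        listener.settimeout(5)
        port = listener.getsockname()[1]
        worker = threading.Thread(target=_serve, args=(server_ctx, listener, 3), daemon=True)
        worker.start()
        probes = {
            "strict_pinned": strict_client_context(crt),   # server cert is the trust anchor
            "strict_system_roots": strict_client_context(),  # unknown cert: refused
            "lax": lax_client_context(),                    # vulnerable: talks to anyone
        }
        results = {name: probe_ups_server("127.0.0.1", port, ctx, "localhost")
                   for name, ctx in probes.items()}
        worker.join()
        listener.close()
        return results


if __name__ == "__main__":
    print(demo() or "openssl CLI not found; live demo skipped")
```

Running it shows the three outcomes side by side: the pinned strict client completes the handshake and reports the verified subject, the strict client with only system roots refuses the self-signed certificate, and the lax client connects without complaint while `getpeercert()` returns nothing, which is exactly the state in which an interposed host cannot be told apart from the real UPS server. The `context_enforces_verification` check is the piece worth borrowing for a client code base: it fails unless both `CERT_REQUIRED` and hostname checking are set, since either one alone leaves the connection unauthenticated.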