CVE-2025-7699 (GCVE-0-2025-7699)
Vulnerability from cvelistv5
Published
2025-07-16 09:41
Modified
2025-07-16 14:39
Severity ?
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CWE
  • CWE-287 - Improper Authentication
Summary
An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data. Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.
References
security@asustor.comhttps://www.asustor.com/security/security_advisory_detail?id=46
Impacted products
Vendor Product Version
ASUSTOR ADM Version: 4.1.0   <
Version: 5.0.0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-16T14:29:12.986169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-16T14:39:53.942Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "EZ Sync Manager",
          "platforms": [
            "Linux",
            "x86",
            "ARM",
            "64 bit"
          ],
          "product": "ADM",
          "vendor": "ASUSTOR",
          "versions": [
            {
              "lessThanOrEqual": "4.3.3.RH61",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.0.0.RIN1",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Engin Aydo\u011fan"
        }
      ],
      "datePublic": "2025-07-16T09:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper access control vulnerability  was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data.\nAffected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier."
            }
          ],
          "value": "An improper access control vulnerability  was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data.\nAffected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-16T09:41:12.220Z",
        "orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
        "shortName": "ASUSTOR1"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.asustor.com/security/security_advisory_detail?id=46"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "An improper access control vulnerability  was found in the EZ Sync Manager of ADM",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
    "assignerShortName": "ASUSTOR1",
    "cveId": "CVE-2025-7699",
    "datePublished": "2025-07-16T09:41:12.220Z",
    "dateReserved": "2025-07-16T03:13:18.895Z",
    "dateUpdated": "2025-07-16T14:39:53.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-7699\",\"sourceIdentifier\":\"security@asustor.com\",\"published\":\"2025-07-16T10:15:29.667\",\"lastModified\":\"2025-07-16T14:58:59.837\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper access control vulnerability  was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data.\\nAffected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@asustor.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security@asustor.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://www.asustor.com/security/security_advisory_detail?id=46\",\"source\":\"security@asustor.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-7699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-16T14:29:12.986169Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-16T14:29:17.172Z\"}}], \"cna\": {\"title\": \"An improper access control vulnerability  was found in the EZ Sync Manager of ADM\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Engin Aydo\\u011fan\"}], \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ASUSTOR\", \"product\": \"ADM\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.3.3.RH61\"}, {\"status\": \"affected\", \"version\": \"5.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.0.0.RIN1\"}], \"platforms\": [\"Linux\", \"x86\", \"ARM\", \"64 bit\"], \"packageName\": \"EZ Sync Manager\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-07-16T09:30:00.000Z\", \"references\": [{\"url\": \"https://www.asustor.com/security/security_advisory_detail?id=46\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper access control vulnerability  was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data.\\nAffected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An improper access control vulnerability  was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data.\\nAffected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77\", \"shortName\": \"ASUSTOR1\", \"dateUpdated\": \"2025-07-16T09:41:12.220Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-7699\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-16T14:39:53.942Z\", \"dateReserved\": \"2025-07-16T03:13:18.895Z\", \"assignerOrgId\": \"f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77\", \"datePublished\": \"2025-07-16T09:41:12.220Z\", \"assignerShortName\": \"ASUSTOR1\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.