CVE-2025-13053

High CVSS: 7.0

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation.

This issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42.

Vendor

Asustor

Product

Data Master

CWE

CWE-311

Yayın Tarihi

2025-12-12 03:15:51

Güncelleme

2026-01-28 14:54:44

Source Identifier

security@asustor.com

KEV Date Added

Kategoriler

CWE-311 Data Master HIGH Asustor 2025

Referanslar

https://www.asustor.com/security/security_advisory_detail?id=49

Benzer Kayıtlar

Critical

CVE-2026-3179

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listi…

High

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP ser…

Critical

CVE-2026-24936

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerab…

High

CVE-2026-24932

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Althou…

High

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An…

Medium

CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an externa…