CVE-2025-14108

High CVSS: 7.4

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.

Vendor

Zspace

Product

Q2c Nas Firmware

CWE

CWE-74

Yayın Tarihi

2025-12-05 22:15:49

Güncelleme

2025-12-16 08:15:52

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Q2c Nas Firmware HIGH Zspace 2025

Referanslar

https://vuldb.com/?ctiid.334490 https://vuldb.com/?id.334490 https://vuldb.com/?submit.697144 https://www.notion.so/2af6cf4e528a80258f60fa529c48d291

Benzer Kayıtlar

Medium

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB dri…

Medium

CVE-2025-15133

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe…

Medium

CVE-2025-15132

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of th…

Medium

CVE-2025-15131

A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/…

High

CVE-2025-14107

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function…

High

CVE-2025-14106

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of th…