exploitDog

GHSA-6348-w693-wj25

Опубликовано: 10 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.4

CVSS3: 6.7

Описание

NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Ссылки

EPSS

Процентиль: 5%

0.00022

Низкий

8.4 High

CVSS4

6.7 Medium

CVSS3

CVE ID

Дефекты

CWE-428

Связанные уязвимости

CVE-2025-61871

CVSS3: 6.7

nvd

4 месяца назад

NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

EPSS

Процентиль: 5%

0.00022

Низкий

8.4 High

CVSS4

6.7 Medium

CVSS3

CVE ID

Дефекты

CWE-428