exploitDog

CVE-2025-13053

Опубликовано: 12 дек. 2025

Источник: nvd

CVSS3: 3.7

EPSS Низкий

Описание

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation.

This issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42.

Ссылки

https://www.asustor.com/security/security_advisory_detail?id=49
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:*

Версия от 4.1.0.RHU2 (включая) до 4.3.3.ROF1 (исключая)

cpe:2.3:o:asustor:data_master:*:*:*:*:*:*:*:*

Версия от 5.0.0.ra82 (включая) до 5.1.1.RCI1 (исключая)

EPSS

Процентиль: 1%

0.0001

Низкий

3.7 Low

CVSS3

Дефекты

CWE-311

Связанные уязвимости

GHSA-wwvm-vmw2-56q8

CVSS3: 3.7

github

около 2 месяцев назад

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation. This issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42.

EPSS

Процентиль: 1%

0.0001

Низкий

3.7 Low

CVSS3

Дефекты

CWE-311