CVE-2025-7699— An improper access control vulnerability was found in the EZ Sync Manager of ADM
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-7699
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
An improper access control vulnerability was found in the EZ Sync Manager of ADM
Source: NVD (National Vulnerability Database)
Vulnerability Description
An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows authenticated users to copy arbitrary files from the server file system into their own EZSync folder. The vulnerability is due to a lack of authorization checks on the file parameter of the HTTP request. Attackers can exploit this flaw to access files outside their authorized scope, provided the file has readable permissions for other users on the underlying OS. This can lead to unauthorized exposure of sensitive data. Affected products and versions include: from ADM 4.1.0 to ADM 4.3.3.RH61 as well as ADM 5.0.0.RIN1 and earlier.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
ASUSTOR ADM 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ASUSTOR ADM是中国华芸科技(ASUSTOR)公司的一种所有 ASUSTOR NAS 设备的专用操作系统。 ASUSTOR ADM 4.1.0至4.3.3.RH61版本和5.0.0.RIN1及之前版本存在安全漏洞,该漏洞源于EZ Sync Manager访问控制不当,可能导致未授权文件访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-7699
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-7699
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: ADM
- CVE-2026-6644
A command injection vulnerability was found in the PPTP VPN - CVE-2026-6643
A stack-based buffer overflow vulnerability in the VPN Clien - CVE-2026-3179
A path traversal vulnerability was found in the FTP Backup o - CVE-2026-3100
An improper certificate validation vulnerability was found i - CVE-2026-24936
An improper input validation vulnerability was found in ADM
Same vendor: ASUSTOR
- CVE-2026-3179
A path traversal vulnerability was found in the FTP Backup o - CVE-2026-3100
An improper certificate validation vulnerability was found i - CVE-2026-24936
An improper input validation vulnerability was found in ADM - CVE-2026-24935
An improper certificate validation vulnerability was found i - CVE-2026-24934
An improper certificate validation vulnerability was found i
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2025-7699
No comments yet