漏洞标识符: CVE-2025-14108, VDB-334490, EUVD-2025-201501 漏洞评分: CVSS Meta Temp Score 8.0 漏洞类型: Command Injection 受影响产品: ZSPACE Q2C NAS up to 1.1.0210050 漏洞影响: Affects the function zf1lev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. Manipulation of the argument safe_dir leads to command injection. 漏洞状态: Critical, remote exploit possible. 漏洞细节: Vulnerability found in ZSPACE Q2C NAS up to 1.1.0210050. Classified as critical. Instrumentation of the argument safe_dir with an unknown input leads to a command injection. Vulnerability leads to CWE-77. Product constructs all or part of a command with externally-influenced input from an upstream component. 参考信息: The advisory is available at notion.so. The exploitation is known to be easy. The attack can be launched remotely. 厂商响应: The vendor was contacted early about this disclosure but did not respond in any way.