{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-7379", "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77", "state": "PUBLISHED", "assignerShortName": "ASUSTOR1", "dateReserved": "2025-07-09T06:11:58.712Z", "datePublished": "2025-07-09T08:31:02.925Z", "dateUpdated": "2025-07-09T13:41:06.585Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "DataSync Center", "platforms": ["Linux", "x86", "ARM", "64 bit"], "product": "ADM", "vendor": "ASUSTOR", "versions": [{"lessThan": "1.1.0.r207", "status": "affected", "version": "1.1.0", "versionType": "custom"}, {"lessThan": "1.2.0.r206", "status": "affected", "version": "1.2.0", "versionType": "custom"}]}], "datePublic": "2025-07-09T08:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206."}], "value": "A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206."}], "impacts": [{"capecId": "CAPEC-98", "descriptions": [{"lang": "en", "value": "CAPEC-98 Phishing"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.2, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77", "shortName": "ASUSTOR1", "dateUpdated": "2025-07-09T08:41:09.663Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.asustor.com/security/security_advisory_detail?id=42"}], "source": {"discovery": "UNKNOWN"}, "title": "A security bypass vulnerability was found in DataSync Center installed on ADM", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-09T13:39:51.380803Z", "id": "CVE-2025-7379", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T13:41:06.585Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7379", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-09T13:39:51.380803Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T13:41:02.410Z"}}], "cna": {"title": "A security bypass vulnerability was found in DataSync Center installed on ADM", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-98", "descriptions": [{"lang": "en", "value": "CAPEC-98 Phishing"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ASUSTOR", "product": "ADM", "versions": [{"status": "affected", "version": "1.1.0", "lessThan": "1.1.0.r207", "versionType": "custom"}, {"status": "affected", "version": "1.2.0", "lessThan": "1.2.0.r206", "versionType": "custom"}], "platforms": ["Linux", "x86", "ARM", "64 bit"], "packageName": "DataSync Center", "defaultStatus": "unaffected"}], "datePublic": "2025-07-09T08:30:00.000Z", "references": [{"url": "https://www.asustor.com/security/security_advisory_detail?id=42", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206.", "supportingMedia": [{"type": "text/html", "value": "A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77", "shortName": "ASUSTOR1", "dateUpdated": "2025-07-09T08:41:09.663Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7379", "state": "PUBLISHED", "dateUpdated": "2025-07-09T13:41:06.585Z", "dateReserved": "2025-07-09T06:11:58.712Z", "assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77", "datePublished": "2025-07-09T08:31:02.925Z", "assignerShortName": "ASUSTOR1"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206."}, {"lang": "es", "value": "Una vulnerabilidad de evasi\u00f3n de seguridad permite su explotaci\u00f3n mediante el robo de pesta\u00f1as inverso, un tipo de ataque de phishing en el que los atacantes pueden manipular el contenido de la pesta\u00f1a original, lo que provoca el robo de credenciales y otros riesgos de seguridad. Este problema afecta a DataSync Center desde la versi\u00f3n 1.1.0 hasta la 1.1.0.r207 y desde la versi\u00f3n 1.2.0 hasta la 1.2.0.r206."}], "id": "CVE-2025-7379", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@asustor.com", "type": "Secondary"}]}, "published": "2025-07-09T09:15:27.703", "references": [{"source": "security@asustor.com", "url": "https://www.asustor.com/security/security_advisory_detail?id=42"}], "sourceIdentifier": "security@asustor.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@asustor.com", "type": "Secondary"}]}

{}

{"created": "2025-07-13T22:31:24.109895+00:00", "updated": "2025-07-13T22:31:24.109948+00:00", "vendors": ["asustor", "asustor$PRODUCT$adm", "asustor$PRODUCT$datasync_center"]}