{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22625", "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "state": "PUBLISHED", "assignerShortName": "hikvision", "dateReserved": "2026-01-08T05:37:27.997Z", "datePublished": "2026-01-30T11:03:14.801Z", "dateUpdated": "2026-02-27T14:42:08.422Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files."}], "affected": [{"vendor": "HIKSEMI", "product": "HS-AFS-S1H1", "versions": [{"version": "V5.10.10_Build_251126", "status": "affected"}]}], "references": [{"url": "https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html"}], "credits": [{"lang": "en", "value": "Jincheng Wang", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "providerMetadata": {"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "shortName": "hikvision", "dateUpdated": "2026-01-30T11:03:14.801Z"}, "x_generator": {"engine": "cveClient/1.0.15"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-30T12:41:35.848702Z", "id": "CVE-2026-22625", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T14:42:08.422Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22625", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-30T12:41:35.848702Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T12:42:46.027Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Jincheng Wang"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HIKSEMI", "product": "HS-AFS-S1H1", "versions": [{"status": "affected", "version": "V5.10.10_Build_251126"}]}], "references": [{"url": "https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files."}], "providerMetadata": {"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "shortName": "hikvision", "dateUpdated": "2026-01-30T11:03:14.801Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22625", "state": "PUBLISHED", "dateUpdated": "2026-02-27T14:42:08.422Z", "dateReserved": "2026-01-08T05:37:27.997Z", "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "datePublished": "2026-01-30T11:03:14.801Z", "assignerShortName": "hikvision"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files."}, {"lang": "es", "value": "Manejo inadecuado de nombres de archivo en ciertos productos NAS de HIKSEMI puede llevar a la exposici\u00f3n de archivos de sistema sensibles."}], "id": "CVE-2026-22625", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "hsrc@hikvision.com", "type": "Secondary"}]}, "published": "2026-01-30T11:15:55.893", "references": [{"source": "hsrc@hikvision.com", "url": "https://www.hiksemitech.com/en/hiksemi/support/security-advisory.html"}], "sourceIdentifier": "hsrc@hikvision.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:10:27.766368+00:00", "value": {"mitigation_remediation": ["Apply the vendor-released patch or update the HS\u2011AFS\u2011S1H1 firmware to a version that corrects the filename validation logic.", "If a patch is not yet available, restrict the NAS interface to trusted hosts only and disable any services that allow user-supplied filenames or remote file uploads.", "Enforce strict file permission controls on the NAS, ensuring that only authorized processes can read system files, thereby limiting the impact of any path traversal attempt."], "summary": {"action": "Assess Impact", "impact": "Sensitive System File Exposure"}, "threat_synthesis": {"affected_systems": "The affected product is the HIKSEMI HS\u2011AFS\u2011S1H1 NAS. Version details are not disclosed, so any firmware version currently running on this device is considered at risk until the vendor issues a fix.", "description_and_impact": "This vulnerability is caused by the NAS device\u2019s inadequate validation of filenames, enabling the traversal of directory boundaries. By supplying crafted filenames, an attacker can request the device to read files located outside the intended directory structure, potentially exposing configuration data and other sensitive system files. The primary consequence is a confidentiality breach that could leak privileged information.", "risk_and_exploitability": "The CVSS base score of 4.6 classifies the issue as moderate severity. The EPSS score of less than 1% indicates that it is very unlikely to be exploited in the wild, and the vulnerability is not catalogued as a known exploited vulnerability by CISA. Nonetheless, the flaw enables an attacker with access to the NAS interface to read restricted files, so organizations should monitor logs for suspicious file access operations and apply a patch as soon as it becomes available. The attack vector is presumed local or internal, as the flaw requires interaction with the NAS\u2019s file handling functionality."}}}}, "created": "2026-02-02T09:27:50.006208+00:00", "title": "Exposing Sensitive System Files via Improper Filename Handling", "updated": "2026-04-18T01:15:05.991978+00:00", "vendors": ["hiksemi", "hiksemi$PRODUCT$hs-afs-s1h1"]}