CVE-2025-14107
Last modified
CVE-2025-14107 is a high-severity vulnerability rated 7.4/10 on the CVSS scale. A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. EPSS estimates a 10.78% chance of exploitation in the next 30 days.
Description
A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zspace | Q2c Nas Firmware | <= 1.1.0210050 |
References
- https://vuldb.com/?ctiid.334489Permissions Required, VDB Entry
- https://vuldb.com/?id.334489Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.697143Third Party Advisory, VDB Entry
- https://www.notion.so/2af6cf4e528a8001935bcdd9e77f1ebcExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-14107?
How severe is CVE-2025-14107?
How do I fix CVE-2025-14107?
Are you affected by CVE-2025-14107?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST