A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206.
History

Wed, 09 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Jul 2025 09:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in ASUSTOR ADM DataSync Center on Linux, x86, ARM, 64 bit allows Phishing.This issue affects ADM: from 1.1.0 before 1.1.0.R207, from 1.2.0 before 1.2.0.R207. A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206.

Wed, 09 Jul 2025 08:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in ASUSTOR ADM DataSync Center on Linux, x86, ARM, 64 bit allows Phishing.This issue affects ADM: from 1.1.0 before 1.1.0.R207, from 1.2.0 before 1.2.0.R207.
Title A security bypass vulnerability was found in DataSync Center installed on ADM
Weaknesses CWE-352
References
Metrics cvssV4_0

{'score': 5.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ASUSTOR1

Published: 2025-07-09T08:31:02.925Z

Updated: 2025-07-09T13:41:06.585Z

Reserved: 2025-07-09T06:11:58.712Z

Link: CVE-2025-7379

cve-icon Vulnrichment

Updated: 2025-07-09T13:41:02.410Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-09T09:15:27.703

Modified: 2025-07-10T13:17:30.017

Link: CVE-2025-7379

cve-icon Redhat

No data.