Back to search
CVE-2025-13051
Published: Nov 19, 2025
Modified: Nov 19, 2025
PUBLISHED
Description
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.
| Vendor | Product | Versions |
|---|---|---|
ASUSTOR | ABP and AES | affected ABP 2.0 - <= 2.0.7.9050affected AES 1.0 - <= 1.0.6.8290 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now