Back to search
CVE-2025-13053
Published: Dec 12, 2025
Modified: Dec 12, 2025
PUBLISHED
Description
When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation. This issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42.
| Vendor | Product | Versions |
|---|---|---|
ASUSTOR | ADM | affected 4.1.0 - <= 4.3.3.RKD2affected 5.0.0 - <= 5.1.0.RN42 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now