CVE-2025-66954

Published: Apr 20, 2026

Modified: Apr 20, 2026

PUBLISHED

Description

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/DBmonster19/CVE-2025-66954

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-66954

Description

Affected Products

References