CNNVD-202507-1846 Information
CNNVD ID
CNNVD-202507-1846
Related CVE
- CNNVD Published: 2025-07-14
Description (Chinese)
Avid NEXIS E-series等都是美国Avid公司的一款虚拟化存储平台。 Avid多款产品存在安全漏洞,该漏洞源于未验证文件名参数路径,可能导致任意文件读取攻击。以下产品及版本受到影响:Avid NEXIS E-series、Avid NEXIS F-series、Avid NEXIS PRO+和System Director Appliance (SDA+) 2025.5.1之前版本。
Description (English)
Avid NEXIS E-series are all virtual storage platforms of the American company Avid. There is a safety loophole in Avid ’ s multiple products, which stems from the failure to verify the path of the file name parameter, which could lead to an attack on any document. The following products and versions were affected: Avid NEXIS E-services, Avid NEXIS F-services, Avid NEXIS PRO+ and System Director Application (SDA+) 2025.5.1.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Avid
Published
2025-07-14
Last Modified
2026-02-24
References
https://raeph123.github.io/BlogPosts/Avid_Nexis/Advisory_Avid_Nexus_Agent_Multiple_Vulnerabilities_en.html https://resources.avid.com/SupportFiles/attach/AvidNEXIS/AvidNEXIS_2025_5_1_ReadMe.pdf https://access.redhat.com/security/cve/cve-2024-26291
Patch
https://kb.avid.com/pkb/articles/troubleshooting/en239659
Share on: