CNNVD-202508-2740 Information

CNNVD ID

CNNVD-202508-2740

CVE-2025-50674

  • CNNVD Published: 2025-08-22

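Description (translated from Chinese)

openmediavault is an open-source network-attached storage (NAS) solution from openmediavault, based on Debian Linux. It bundles services including SSH, (S)FTP, SMB/CIFS, a DAAP media server, RSync and a BitTorrent client. Because the framework is modular, it can be extended through plugins. openmediavault version 7.4.17 contains a security vulnerability that stems from a flaw in the changePassword method in the file /usr/share/php/openmediavault/system/user.inc, which may allow a locally authenticated user to escalate privileges to root.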

Description (English)

openmediavault is an open-source, Debian Linux-based network-attached storage (NAS) solution. The service includes SSH, (S)FTP, SMB/CIFS, a DAAP media server, RSync, a BitTorrent client, etc. Owing to the modular design of the framework, it can be enhanced through plugins. Version 7.4.17 contains a security vulnerability that stems from a flaw in the changePassword method in the file /usr/share/php/openmediavault/system/user.inc, which may allow a locally authenticated user to escalate privileges to root.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

openmediavault

Published

2025-08-22

Last Modified

2026-02-24

References

  • https://gist.github.com/xbz0n/4b98e9291ddd5bb5e6232609e36b2082
  • http://openmediavault.com
  • https://xbz0n.sh/blog/CVE-2025-50674
  • https://nvd.nist.gov/vuln/detail/CVE-2025-50674