CNNVD-202511-2269 Information

Nov 19, 2025 cve

CNNVD ID

CNNVD-202511-2269

CVE-2025-13051

  • CNNVD Published: 2025-11-19

Description (Chinese)

ASUSTOR Backup Plan(ABP)和ASUSTOR EZSync(AES)都是中国台北华芸科技(ASUSTOR)公司的产品。ASUSTOR Backup Plan是一个Windows备份工具。ASUSTOR EZSync是一款为NAS设备实现双向文件同步的工具。 ASUSTOR Backup Plan(ABP) 2.0版本至2.0.7.9050版本和ASUSTOR EZSync(AES) 1.0版本至1.0.6.8290版本存在安全漏洞,该漏洞源于服务安装在非管理员用户可写目录,可能导致攻击者替换或植入DLL执行任意代码。

Description (English)

SUSTOR Backup Plan (ABP) and SUSTOR EZSync (AES) are products of the Chinese company ASUSTOR. SUSTOR Backup Plan is a Windows backup tool. SUSTOR EZSync is a tool to synchronize two-way files for NAS devices. There is a security loophole between AUSTOR Backup Plan (ABP) Version 2.0 to 2.0.7.9050 and AUSTOR EZSync (AES) Version 1.0 to 1.0.68290, which stems from the installation of a service in a non-administer user-enable directory, which may result in an attacker replacing or embedding a DLL to enforce any code.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

华芸科技

Published

2025-11-19

Last Modified

2026-02-24

References

https://www.asustor.com/security/security_advisory_detail?id=48

Patch

https://www.asustor.com/security/security_advisory_detail?id=48

Share on: