1. Home
  2. CVE Database
  3. CVE-2025-66848
CRITICAL · 9.8

CVE-2025-66848

JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5...

Vulnerability Description

JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
JdcloudAx1800 Firmware<= 4.3.1.r4308
JdcloudAx1800-
JdcloudAx3000 Firmware<= 4.3.1.r4318
JdcloudAx3000-
JdcloudAx6600 Firmware<= 4.5.1.r4533
JdcloudAx6600-
JdcloudBe6500 Firmware<= 4.4.1.r4308
JdcloudBe6500-
JdcloudEr1 Firmware<= 4.5.1.r4518
JdcloudEr1-
JdcloudEr2 Firmware<= 4.5.1.r4518
JdcloudEr2-

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2025-66848?

CVE-2025-66848 is a vulnerability with a CVSS score of 9.8 (CRITICAL). JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5...

How severe is CVE-2025-66848?

CVE-2025-66848 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-66848?

Check the references section above for vendor advisories and patch information. Affected products include: Jdcloud Ax1800 Firmware, Jdcloud Ax1800, Jdcloud Ax3000 Firmware, Jdcloud Ax3000, Jdcloud Ax6600 Firmware.