CVE-2025-69431 — MEDIUM (6.1)

Q: How severe is CVE-2025-69431?

CVE-2025-69431 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-69431?

Check the references section above for vendor advisories and patch information. Affected products include: Zspace Q2C Firmware, Zspace Q2C.

Vulnerability Description

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Samba protocol. This allows them to obtain all files within the NAS system and tamper with those files.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Zspace	Q2C Firmware	<= 1.1.0210050
Zspace	Q2C	-

Related Weaknesses (CWE)

CWE-59

References

https://www.notion.so/ZSPACE-Incorrect-Symlink-Follow-2c26cf4e528a8087ba14d9b1d3ExploitThird Party Advisory

FAQ

What is CVE-2025-69431?

CVE-2025-69431 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into ...

How severe is CVE-2025-69431?

CVE-2025-69431 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-69431?

Check the references section above for vendor advisories and patch information. Affected products include: Zspace Q2C Firmware, Zspace Q2C.