CVE-2025-14107 | ZSPACE Q2C NAS up to 1.1.0210050 HTTP POST Request /v2/file/safe/status zfilev2_api.SafeStatus safe_dir command injection

Inserito da Angelo Barbosa | Dic 5, 2025 | CVE

A vulnerability classified as critical was found in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection.

This vulnerability was named CVE-2025-14107. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14107 | ZSPACE Q2C NAS up to 1.1.0210050 HTTP POST Request /v2/file/safe/status zfilev2_api.SafeStatus safe_dir command injection

Post correlati

CVE-2025-34031 | Query Parameter jsmol.php file_get_contents path traversal (EDB-46881)

CVE-2024-9897 | StreamWeasels Twitch Integration Plugin up to 1.8.6 on WordPress Shortcode sw-twitch-embed cross site scripting

CVE-2025-12397 | Google Looker Studio 2025-07-07 sql injection (gcp-2025-053)

CVE-2024-8727 | DK PDF Plugin up to 1.9.6 on WordPress cross site scripting