Asustor ADM Improper Certificate Validation in SMTP Notification Settings Man-in-the-Middle Vulnerability

Vulnerability

A vulnerability exists in Asustor ADM versions from 4.1.0 before 4.3.3.RKD2 and from 5.0.0 before 5.1.0.RN42. When users configure the Notification sender to use msmtp for SMTP email delivery, the application fails to properly validate TLS/SSL certificates. This flaw allows an attacker to intercept network traffic between the SMTP client and server and carry out a man-in-the-middle (MITM) attack that could capture sensitive information transmitted via SMTP.

Impact

Exploitation of this vulnerability could lead to a man-in-the-middle (MITM) attack, allowing interception and potential misuse of sensitive information sent from the SMTP client to the server.
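
A defender-side check for the msmtp behaviour described above, as an added example that is not part of the original advisory or of Asustor's code: it parses an msmtp configuration, applies "defaults" and parent-account inheritance, and reports accounts where TLS or certificate checking is disabled. The advisory does not say how ADM configures msmtp, so the sample configuration, account names and hosts are constructed assumptions; the option names (tls, tls_certcheck) are standard msmtp settings.

```python
# Added example: audit msmtp settings for disabled TLS or certificate checks.
# The option names are real msmtp settings; the sample config is constructed.
SAMPLE_MSMTPRC = """\
defaults
tls on

account verified
host smtp.example.net

account relay
host smtp.example.org
tls_certcheck off

account alerts : relay
from nas@example.org

account cleartext
host mail.example.com
tls off
"""

def parse_accounts(text):
    """Return {account: settings}, applying 'defaults' and 'account x : parent'."""
    defaults, accounts, current = {}, {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0]
        value = parts[1].strip().strip('"') if len(parts) > 1 else "on"  # bare 'tls' means on
        if key == "defaults":
            current = defaults
        elif key == "account":
            name, _, parents = value.partition(":")
            current = dict(defaults)  # defaults seen so far apply to this account
            for parent in parents.replace(",", " ").split():
                current.update(accounts.get(parent, {}))  # inherit parent settings
            accounts[name.strip()] = current
        elif current is not None:
            current[key] = value
    return accounts

def audit(accounts):
    """Return {account: finding} where the SMTP server's identity is not verified."""
    findings = {}
    for name, s in accounts.items():
        if s.get("tls", "off") != "on":              # msmtp default: tls off
            findings[name] = "tls off: session is cleartext"
        elif s.get("tls_certcheck", "on") == "off":  # msmtp default: certcheck on
            findings[name] = "tls_certcheck off: server certificate is not validated"
    return findings

if __name__ == "__main__":
    for account, finding in audit(parse_accounts(SAMPLE_MSMTPRC)).items():
        print(f"{account}: {finding}")
```

The "alerts" account is flagged even though it sets no TLS option itself, because it inherits tls_certcheck off from "relay".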

Added: Dec 12, 2025, 3:22 AM
Updated: Dec 12, 2025, 3:22 AM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.