Asustor ADM Improper Input Validation Vulnerability in CGI Program Allowing Arbitrary File Write

Vulnerability

A vulnerability exists in Asustor's ADM operating system, specifically in versions 4.1.0 through 4.3.3.ROF1 and 5.0.0 through 5.1.1.RCI1. When joining an Active Directory domain, a certain function can be enabled that introduces improper input validation in a CGI program. This flaw allows an unauthenticated remote attacker to write arbitrary data to any file on the system. Exploitation of this vulnerability could lead to overwriting critical system files, resulting in a complete system compromise.

Impact

Successful exploitation allows for overwriting of critical system files, leading to a complete system compromise.

Remediation

Users should upgrade to Asustor ADM 5.1.2.RE31 or above. For ADM 4.3, 4.2, and 4.1, a fix is still in progress.

Added: Feb 3, 2026, 4:19 AM
Updated: Feb 3, 2026, 4:19 AM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 7.5
exploitability: 6.2
remediation: 7.7
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.