ASUSTOR ADM
Moderate fix1 remedy
cpe:2.3:a:asustor:adm:*:*:*:*:*:*:*, +1 more
Moderate fix1 remedy
- >= 4.1.0, <= 4.3.3.ROF1
- >= 5.0.0, <= 5.1.2.RE51
Asustor ADM FTP Backup Path Traversal Vulnerability Allowing Arbitrary File Overwrite
Vulnerability
Patched
A path traversal vulnerability has been identified in the FTP Backup feature on Asustor's ADM operating system. This vulnerability affects versions 4.1.0 prior to 4.3.3.ROF1 and 5.0.0 prior to 5.1.2.RE51. The issue arises because the FTP Backup does not properly sanitize filenames received from the FTP server when parsing directory listings. As a result, a malicious server or a Man-in-the-Middle (MitM) attacker could craft filenames with path traversal sequences, leading the client to write files outside the designated backup directory. Exploiting this vulnerability could allow an attacker to overwrite arbitrary files on the system, potentially escalating privileges or executing remote code.
Impact
Successful exploitation allows overwriting of arbitrary files on the system, with potential for privilege escalation or remote code execution.
Remediation
Users can upgrade to Asustor ADM 5.1.2.REO1 or above. For versions 4.1, 4.2, and 4.3, the vulnerability is still ongoing.
Added: Feb 25, 2026, 6:20 AM
Updated: Feb 25, 2026, 2:44 PM
Vulnerability Rating
Custom Algorithm
spread
5.0impact
7.5exploitability
4.6remediation
7.7relevance
3.4threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.