CVE-2025-7379

A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206.

CVSS

No CVSS.

References

Link	Resource
https://www.asustor.com/security/security_advisory_detail?id=42

Configurations

No configuration.

History

10 Jul 2025, 13:17

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de evasión de seguridad permite su explotación mediante el robo de pestañas inverso, un tipo de ataque de phishing en el que los atacantes pueden manipular el contenido de la pestaña original, lo que provoca el robo de credenciales y otros riesgos de seguridad. Este problema afecta a DataSync Center desde la versión 1.1.0 hasta la 1.1.0.r207 y desde la versión 1.2.0 hasta la 1.2.0.r206.

09 Jul 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-09 09:15

Updated : 2025-07-10 13:17

NVD link : CVE-2025-7379

Mitre link : CVE-2025-7379

CVE.ORG link : CVE-2025-7379

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2025-7379", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@asustor.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-09T09:15:27.703", "references": [{"url": "https://www.asustor.com/security/security_advisory_detail?id=42", "source": "security@asustor.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@asustor.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206."}, {"lang": "es", "value": "Una vulnerabilidad de evasi\u00f3n de seguridad permite su explotaci\u00f3n mediante el robo de pesta\u00f1as inverso, un tipo de ataque de phishing en el que los atacantes pueden manipular el contenido de la pesta\u00f1a original, lo que provoca el robo de credenciales y otros riesgos de seguridad. Este problema afecta a DataSync Center desde la versi\u00f3n 1.1.0 hasta la 1.1.0.r207 y desde la versi\u00f3n 1.2.0 hasta la 1.2.0.r206."}], "lastModified": "2025-07-10T13:17:30.017", "sourceIdentifier": "security@asustor.com"}