CVE-2025-13053

A missing encryption of sensitive data vulnerability was found in the UPS settings of ADM

Description

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation. This issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42.

INFO

Published Date :

2025-12-12T02:46:08.403Z

Last Modified :

2025-12-12T18:16:46.902Z

Source :

ASUSTOR1

AFFECTED PRODUCTS

The following products are affected by CVE-2025-13053 vulnerability.

Vendors	Products
Asustor	Adm Data Master

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-13053.

URL	Resource
https://www.asustor.com/security/security_advisory_detail?id=49

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact