CVE-2025-66848

None

Description

JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.

INFO

Published Date :

2025-12-30T00:00:00.000Z

Last Modified :

2026-01-02T18:10:23.863Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-66848 vulnerability.

Vendors	Products
Jdcloud	Ax1800 Ax1800 Firmware Ax3000 Ax3000 Firmware Ax6600 Ax6600 Firmware Be6500 Be6500 Firmware Er1 Er1 Firmware Er2 Er2 Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66848.

URL	Resource
http://jd.com
https://www.jdcloud.com/cn/
https://www.notion.so/JD-Cloud-Unauth-RCE-2d22b76e8e0c802c975bf186b208d0c2

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact