CVE-2025-14108 | ZSPACE Q2C NAS up to 1.1.0210050 HTTP POST Request /v2/file/safe/open zfilev2_api.OpenSafe safe_dir command injection

A vulnerability, which was classified as critical, has been found in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection.

The identification of this vulnerability is CVE-2025-14108. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More