CVE-2025-14107 | ZSPACE Q2C NAS up to 1.1.0210050 HTTP POST Request /v2/file/safe/status zfilev2_api.SafeStatus safe_dir command injection

December 5, 2025 Yanac

A vulnerability classified as critical was found in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection.

This vulnerability was named CVE-2025-14107. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More