CVE-2025-13052

HIGH7.0

An improper certificates validation vulnerability was found in the Notification settings of ADM

Published Dec 12, 2025

Modified 1 months ago

No fix available

Details

When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the SMTP.

Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RKD2 as well as from ADM 5.0.0 through ADM 5.1.0.RN42.

References

ADVISORYhttps://www.asustor.com/security/security_advisory_detail?id=49 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-13052

CVSS Analysis

CVSS v4.0

7.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

PresentAT:P

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

LowVC:L

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

HighSC:H

Subseq. Integrity

HighSI:H

Subseq. Availability

LowSA:L

7/CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:L

Weakness Type (CWE)

Cryptography

CWE-295

Improper Certificate Validation

Ecosystems

Timeline

PublishedDec 12, 2025

ModifiedDec 12, 2025

CVE-2025-13052 | Mondoo Vulnerability Intelligence