CVE-2025-13051: CWE-427 Uncontrolled Search Path Element in ASUSTOR ABP and AES
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.
AI Analysis
Technical Summary
CVE-2025-13051 is a high-severity vulnerability classified under CWE-427 (Uncontrolled Search Path Element) affecting ASUSTOR's ABP and AES services. The root cause is that these services, when installed in directories writable by non-administrative users, allow attackers to replace or plant malicious DLL files with names matching those loaded by the service. Upon restarting the service, the system loads the attacker-controlled DLL under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This attack vector does not require user interaction and can be performed by an attacker with limited privileges on the system. The affected versions include ABP from 2.0 up to 2.0.7.9050 and AES from 1.0 up to 1.0.6.8290. The vulnerability has a CVSS 4.0 score of 9.3, reflecting its critical nature due to the combination of local attack vector, low complexity, no required authentication, and high impact on confidentiality, integrity, and availability. Although no exploits are publicly known yet, the ease of exploitation and privilege escalation potential make this a significant threat. The vulnerability arises from improper handling of DLL search paths, a common issue in Windows environments where the system searches for DLLs in directories that may be writable by unprivileged users. Attackers can leverage this to escalate privileges from a low-privileged user to SYSTEM level, potentially compromising the entire device or network segment. The primary targets are ASUSTOR NAS devices running these services, which are often used in enterprise and SMB environments for storage and backup solutions.
Potential Impact
For European organizations, the impact of CVE-2025-13051 is substantial. Successful exploitation leads to full system compromise on affected ASUSTOR NAS devices, enabling attackers to execute arbitrary code with SYSTEM privileges. This can result in data theft, ransomware deployment, disruption of business operations, and lateral movement within corporate networks. Confidentiality is at high risk as attackers can access sensitive stored data. Integrity is compromised since attackers can modify or delete files and configurations. Availability may be affected if attackers disrupt or disable NAS services. Given the widespread use of ASUSTOR NAS devices in European SMBs and enterprises for critical data storage and backup, this vulnerability could lead to significant operational and financial damage. The lack of required user interaction and low attack complexity increases the likelihood of exploitation once an attacker gains limited access to the system. Additionally, organizations in sectors such as finance, healthcare, and government, which rely heavily on data integrity and availability, face heightened risks. The vulnerability also poses a risk to supply chain security if NAS devices are used as part of broader infrastructure.
Mitigation Recommendations
To mitigate CVE-2025-13051, European organizations should immediately verify the installation directories of ASUSTOR ABP and AES services to ensure they are not writable by non-administrative users. Restrict permissions on installation directories to administrative accounts only, preventing unauthorized DLL planting. Apply any available patches or updates from ASUSTOR as soon as they are released; monitor vendor communications closely since no patches are currently listed. Implement application whitelisting and code integrity checks to detect unauthorized DLLs. Regularly audit NAS devices for suspicious DLL files or unexpected service restarts. Employ network segmentation to limit access to NAS devices, reducing the attack surface. Use endpoint detection and response (EDR) tools to monitor for anomalous behavior indicative of privilege escalation. Educate system administrators about the risks of improper directory permissions and the importance of secure installation practices. Finally, maintain regular backups of critical data stored on NAS devices to enable recovery in case of compromise.
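The first recommendation above (verify that the service's installation directory is not writable by non-administrative users) can be turned into a repeatable audit. The following PowerShell script is an added example written for this page; it is not code from ASUSTOR or from the advisory. It assumes it runs from an elevated prompt on the Windows host where the service is installed, and because the advisory does not give the service names, it enumerates every Win32 service rather than filtering on a specific one (the list of "non-admin" principals is an assumption and should be adjusted to local policy).

```powershell
# Added example (not from the advisory or ASUSTOR): report Windows services whose
# executable lives in a directory that grants write/modify rights to non-admin
# principals, which is the precondition for CWE-427 style DLL planting.
# Run from an elevated PowerShell prompt on the host where the service is installed.

# Assumed list of principals that represent "non-administrative users".
$NonAdminPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a caller create or replace files inside the directory.
$WriteRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
               [System.Security.AccessControl.FileSystemRights]::WriteData

function Get-ServiceBinaryDirectory {
    param([string]$PathName)
    # Win32_Service.PathName may be quoted and may carry arguments; pull out the .exe path.
    if ($PathName -match '^"([^"]+)"')     { $exe = $Matches[1] }
    elseif ($PathName -match '^(\S+\.exe)') { $exe = $Matches[1] }
    else                                    { $exe = $PathName }
    return Split-Path -Path $exe -Parent
}

function Test-DirectoryWritableByNonAdmins {
    param([string]$Directory)
    # Inherited ACEs are included on purpose: an inherited Modify grant is just as exploitable.
    $acl = Get-Acl -LiteralPath $Directory -ErrorAction Stop
    $findings = @()
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($NonAdminPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteRights) -ne 0) {
            $findings += [pscustomobject]@{
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
    return $findings
}

# Enumerate every service with a binary path (kernel drivers and pathless entries are skipped).
$services = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.PathName }

$results = foreach ($svc in $services) {
    $dir = Get-ServiceBinaryDirectory -PathName $svc.PathName
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($hit in (Test-DirectoryWritableByNonAdmins -Directory $dir)) {
        [pscustomobject]@{
            Service   = $svc.Name
            RunsAs    = $svc.StartName   # LocalSystem is the high-impact case described above
            Directory = $dir
            Principal = $hit.Principal
            Rights    = $hit.Rights
        }
    }
}

if ($results) { $results | Sort-Object Service | Format-Table -AutoSize }
else          { Write-Host 'No service binary directory grants write access to non-admin principals.' }
```

Every row in the output is a service whose installation directory allows the file replacement the advisory describes; rows where `RunsAs` is `LocalSystem` are the ones that match the privilege-escalation scenario exactly. Remediation is the second recommendation above: remove the offending grant so that only administrators can write to the directory (for example `icacls "<directory>" /remove:g "Users"` followed by re-running the audit to confirm the row disappears), then restart the service only after the directory contents have been verified against a known-good installation.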
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: ASUSTOR1
- Date Reserved: 2025-11-12T10:01:29.924Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 691d3937c00dea8b9c9a69ce
Added to database: 11/19/2025, 3:27:51 AM
Last enriched: 11/19/2025, 3:42:55 AM
Last updated: 11/19/2025, 4:16:22 AM
Views: 2