CVE-2025-7618: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in ASUSTOR ADM
A stored Cross-Site Scripting (XSS) vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information retained by the browser and used with the affected applications. Affected products and versions include: ADM 4.1.0 through ADM 4.3.3.RH61, ADM 5.0.0.RIN1 and earlier, and Text Editor 1.0.0.r112 and earlier.
AI Analysis
Technical Summary
CVE-2025-7618 is a stored Cross-Site Scripting (XSS) vulnerability identified in ASUSTOR's ADM (ASUSTOR Data Master) operating system, specifically affecting the File Explorer and Text Editor applications. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing an attacker to inject malicious scripts that are persistently stored and later executed in the context of the affected web applications. This flaw exists in ADM versions from 4.1.0 up to 4.3.3.RH61, as well as in version 5.0.0.RIN1 and earlier, and in Text Editor version 1.0.0.r112 and earlier. Exploiting this vulnerability does not require authentication but does require user interaction, such as opening or interacting with a maliciously crafted file or interface element within the ADM File Explorer or Text Editor. Once exploited, the injected script can access browser cookies and other sensitive information retained by the browser, potentially leading to session hijacking or unauthorized actions within the ADM environment. The CVSS v4.0 base score is 4.8, reflecting medium severity: the attack vector is network-based, attack complexity is low, no privileges are required, but user interaction is necessary. The vulnerability does not directly affect availability; its risk to confidentiality and integrity comes through potential session theft or unauthorized command execution within the ADM web interface. No known public exploits or patches had been reported at the time of publication.
Potential Impact
For European organizations using ASUSTOR ADM devices, particularly those leveraging the File Explorer and Text Editor applications, this vulnerability could lead to unauthorized access to sensitive data and session tokens, potentially allowing attackers to impersonate legitimate users or execute unauthorized commands within the ADM environment. This could compromise the integrity of stored data and the confidentiality of user sessions. Given that ADM is often used for network-attached storage (NAS) in enterprise and SMB environments, exploitation could lead to lateral movement within internal networks or data exfiltration. The requirement for user interaction somewhat limits the attack surface but does not eliminate risk, especially in environments where multiple users access ADM interfaces. The absence of known exploits in the wild reduces immediate risk but does not preclude targeted attacks. European organizations with critical data stored on ASUSTOR devices or integrated ADM systems should consider this vulnerability a moderate risk that could impact business continuity and data security if exploited.
Mitigation Recommendations
1. Immediate mitigation should include updating ASUSTOR ADM to the latest available version once a patch addressing CVE-2025-7618 is released by the vendor.
2. Until patches are available, restrict access to ADM web interfaces to trusted networks and users only, employing network segmentation and firewall rules to limit exposure.
3. Implement strict input validation and sanitization on any custom integrations or scripts interacting with ADM, if applicable.
4. Educate users to avoid opening suspicious files or links within the ADM File Explorer and Text Editor interfaces to reduce the risk of triggering stored XSS payloads.
5. Monitor ADM logs and network traffic for unusual activities that could indicate exploitation attempts.
6. Consider deploying Web Application Firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting ADM interfaces.
7. Employ multi-factor authentication (MFA) on ADM user accounts to reduce the impact of session hijacking.
8. Regularly back up ADM configurations and data to enable recovery in case of compromise.
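The following is an added illustration, not ASUSTOR's code: the vulnerable ADM code path is not public, so a hypothetical file-listing template stands in for any File Explorer or Text Editor view that echoes a user-controlled file name into the page. It shows the CWE-79 sink beside its output-encoded form, plus a small check of the kind a log-monitoring rule (mitigation 5) could apply to stored file names.

```javascript
// Added example (not ASUSTOR code). The file-row template is hypothetical;
// it models a web view that interpolates stored, attacker-controlled names.

// Escape the five HTML metacharacters so a value is inert both as element
// text and inside a double-quoted attribute.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (CWE-79): the stored file name lands in markup unchanged,
// so a name containing a script tag executes when the listing is rendered.
function renderFileRowUnsafe(file) {
  return `<tr><td title="${file.name}">${file.name}</td><td>${file.size}</td></tr>`;
}

// Hardened pattern: every untrusted value is encoded for the context it is
// written into; the size is coerced to a number so it can never carry markup.
function renderFileRowSafe(file) {
  const name = escapeHtml(file.name);
  const size = Number.isFinite(file.size) ? file.size : 0;
  return `<tr><td title="${name}">${name}</td><td>${size}</td></tr>`;
}

// Monitoring aid: legitimate file names rarely contain HTML metacharacters,
// so a stored name that does is worth an alert when reviewing ADM logs.
function hasMarkupChars(name) {
  return /[<>"']/.test(String(name));
}

// Constructed sample input: a file whose stored name carries a script tag.
const constructedFile = { name: "<script>alert(1)</script>", size: 12 };

console.log("unsafe:", renderFileRowUnsafe(constructedFile));
console.log("safe:  ", renderFileRowSafe(constructedFile));
console.log("flagged:", hasMarkupChars(constructedFile.name));
```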
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: ASUSTOR1
- Date Reserved: 2025-07-14T01:44:55.433Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6874dc67a83201eaacc4eaf4
Added to database: 7/14/2025, 10:31:03 AM
Last enriched: 7/14/2025, 10:46:11 AM
Last updated: 7/15/2025, 8:32:35 PM