CVE-2025-20016

Summary

OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation. A user with an administrative privilege who logged in to the web management page of the affected product may execute an arbitrary OS command.

Affected Software

VendorProductVersion RangeStatus
Y’S corporationSTEALTHONE D220firmware v6.03.02 and earlieraffected
Y’S corporationSTEALTHONE D340firmware v6.03.02 and earlieraffected
Y’S corporationSTEALTHONE D440firmware v7.00.10 and earlieraffected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References