CVE-2025-20055

Summary

OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute an arbitrary OS command.

Affected Software

VendorProductVersion RangeStatus
Y’S corporationSTEALTHONE D220firmware v6.03.02 and earlieraffected
Y’S corporationSTEALTHONE D340firmware v6.03.02 and earlieraffected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References