CVE-2025-13052
📋 TL;DR
This vulnerability allows attackers to perform man-in-the-middle attacks against SMTP email notifications in ASUSTOR ADM systems by exploiting improper TLS/SSL certificate validation in msmtp. Sensitive SMTP information can be intercepted when emails are sent. Affected systems include ASUSTOR ADM versions 4.1.0 through 4.3.3.RKD2 and 5.0.0 through 5.1.0.RN42.
💻 Affected Systems
- ASUSTOR ADM
📦 What is this software?
Data Master by Asustor
⚠️ Risk & Real-World Impact
Worst Case
Attackers intercept all SMTP traffic including authentication credentials, email content, and potentially gain access to email accounts or internal systems.
Likely Case
Interception of SMTP authentication credentials and email content during transmission between vulnerable systems and SMTP servers.
If Mitigated
No data exposure with proper TLS certificate validation and network segmentation preventing MITM positioning.
🎯 Exploit Status
Requires network positioning for MITM attack and active SMTP traffic to intercept. Exploitation depends on network architecture and attacker positioning.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ADM 4.3.4 and ADM 5.1.1 or later
Vendor Advisory: https://www.asustor.com/security/security_advisory_detail?id=49
Restart Required: Yes
Instructions:
1. Log into the ADM web interface.
2. Go to Settings > ADM Update.
3. Check for updates.
4. Install ADM 4.3.4 or ADM 5.1.1 or later.
5. Restart the system when prompted.
🔧 Temporary Workarounds
Disable SMTP notifications
Temporarily disable email notifications until the patch can be applied.
Use local SMTP relay with strict certificate validation
Configure SMTP to use a local relay server with proper TLS certificate validation enabled.
🧯 If You Can't Patch
- Segment network to prevent MITM positioning between ADM system and SMTP server
- Monitor network traffic for unexpected SSL/TLS certificate changes between ADM and SMTP servers
🔍 How to Verify
Check if Vulnerable:
Check the ADM version in the web interface: Settings > ADM Update. If the version is in the range 4.1.0 through 4.3.3.RKD2 or 5.0.0 through 5.1.0.RN42 and SMTP notifications are configured, the system is vulnerable.
Check Version:
ssh admin@[nas-ip] 'cat /etc/nas.conf | grep version'
Verify Fix Applied:
Verify ADM version is 4.3.4 or higher (for ADM 4.x) or 5.1.1 or higher (for ADM 5.x) in Settings > ADM Update.
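Added example (not part of the vendor advisory or the original page): a shell function that classifies an ADM version string against the affected and fixed ranges listed above. The function name is hypothetical, and the check assumes that only the numeric major.minor.patch prefix matters, so build suffixes such as .RKD2 or .RN42 are ignored.

```shell
#!/bin/sh
# Added example: classify an ADM version string for CVE-2025-13052.
# Ranges come from this page: affected 4.1.0 through 4.3.3.RKD2 and
# 5.0.0 through 5.1.0.RN42; fixed in 4.3.4 and 5.1.1 or later.
# Assumption: the build suffix after major.minor.patch is ignored, and
# minor/patch numbers stay below 1000.

# Prints one of: affected, fixed, not-listed, invalid.
adm_cve_status() {
    printf '%s\n' "$1" | awk -F. '
        # The first three dot-separated fields must be plain integers.
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
            print "invalid"
            next
        }
        {
            # Fold minor and patch into one comparable number.
            key = $2 * 1000 + $3
            if ($1 == 4) {
                if (key < 1000)       print "not-listed"   # below 4.1.0
                else if (key < 3004)  print "affected"     # 4.1.0 to 4.3.3.x
                else                  print "fixed"        # 4.3.4 or later
            } else if ($1 == 5) {
                if (key < 1001)       print "affected"     # 5.0.0 to 5.1.0.x
                else                  print "fixed"        # 5.1.1 or later
            } else {
                # Branches the page does not mention.
                print "not-listed"
            }
        }'
}

# When called with arguments, classify each version given on the command line.
if [ "$#" -gt 0 ]; then
    for v in "$@"; do
        printf '%s\t%s\n' "$v" "$(adm_cve_status "$v")"
    done
fi
```

A result of "affected" only means the version is in range; as stated above, the system is vulnerable when SMTP notifications are also configured.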
📡 Detection & Monitoring
Log Indicators:
- Failed SSL/TLS handshake attempts in msmtp logs
- Unexpected certificate warnings in system logs
Network Indicators:
- SSL/TLS certificate changes between ADM system and SMTP server
- Unencrypted SMTP traffic when TLS expected
SIEM Query:
source="asustor_adm" AND (event="ssl_error" OR event="certificate_validation_failed" OR process="msmtp")