CVE-2025-14106

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on ZSPACE Q2C NAS devices by injecting malicious input into the safe_dir parameter of the HTTP POST request handler. Attackers can exploit this without authentication to gain full control of affected systems. All users running vulnerable versions of ZSPACE Q2C NAS are affected.

💻 Affected Systems

Products:
  • ZSPACE Q2C NAS
Versions: Up to version 1.1.0210050
Operating Systems: NAS-specific OS (likely Linux-based)
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable as the vulnerable endpoint is part of the standard web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing attackers to install malware, steal data, pivot to other systems, or render the NAS unusable.

🟠 Likely Case: Remote code execution leading to data theft, ransomware deployment, or unauthorized access to stored files.

🟢 If Mitigated: Limited impact if network segmentation and strict firewall rules prevent external access to the vulnerable endpoint.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via HTTP POST requests without authentication.
🏢 Internal Only: HIGH - Even internally, any user or compromised system on the network could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit is publicly available and requires minimal technical skill to execute against vulnerable systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor plans to release a fix but hasn't specified version

Vendor Advisory: None provided in references

Restart Required: Yes

Instructions:

1. Monitor vendor announcements for patch release.
2. Apply vendor-provided update when available.
3. Restart NAS device after patching.

🔧 Temporary Workarounds

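Block Vulnerable Endpoint (Linux)

Use a firewall or web application firewall to block access to the /v2/file/safe/close endpoint. The iptables string match inspects raw packet payload, so it only sees the path in cleartext HTTP; on port 443 the request line is TLS-encrypted, and the path has to be blocked at whatever terminates TLS (reverse proxy or WAF). The rules are inserted with -I so they are evaluated before any existing ACCEPT rule for the web ports.

iptables -I INPUT -p tcp --dport 80 -m string --string "/v2/file/safe/close" --algo bm -j DROP
iptables -I INPUT -p tcp --dport 443 -m string --string "/v2/file/safe/close" --algo bm -j DROP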

Network Segmentation (all platforms)

Isolate the NAS device from the internet and restrict internal access.

🧯 If You Can't Patch

  • Disable the vulnerable web interface entirely if not required for operations
  • Implement strict network access controls to limit which systems can communicate with the NAS

🔍 How to Verify

Check if Vulnerable:

Check NAS web interface version in admin panel or run: grep -i version /etc/*release* on the device

Check Version:

Check web admin interface or SSH into device and check system version files

Verify Fix Applied:

After vendor patch, verify version is above 1.1.0210050 and test the vulnerable endpoint with safe input

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /v2/file/safe/close with unusual safe_dir parameters
  • System logs showing unexpected command execution or process creation

Network Indicators:

  • HTTP traffic to NAS on port 80/443 containing command injection patterns in POST data
  • Outbound connections from NAS to suspicious external IPs

SIEM Query:

source="nas_logs" AND (uri="/v2/file/safe/close" AND (safe_dir="*;*" OR safe_dir="*|*" OR safe_dir="*`*"))
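
The same check as a standalone log filter, for environments without a SIEM. This is an added example, not vendor or advisory code: the log layout, the form-encoded body and the sample lines are constructed assumptions, and the metacharacter set goes beyond the three in the query above. It decodes percent-encoding before matching, which a wildcard query on the raw field does not do.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/v2/file/safe/close"  # path named in the advisory
# ; | ` come from the SIEM query above; & $( and line breaks are added here.
SHELL_META = re.compile(r"[;|`&\r\n]|\$\(")
# Assumed (constructed) log layout: client METHOD uri "form-encoded body"
LINE = re.compile(r'^(?P<client>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) "(?P<body>[^"]*)"$')

# Constructed sample lines; addresses are documentation ranges, EXAMPLE is a placeholder.
SAMPLE_LOG = [
    '192.0.2.10 POST /v2/file/safe/close "safe_dir=%2Fvault%2Fphotos"',
    '198.51.100.7 POST /v2/file/safe/close "safe_dir=%2Fvault%3BEXAMPLE"',
    '203.0.113.5 POST /v2/file/safe/close "safe_dir=/vault|EXAMPLE"',
    '198.51.100.9 POST /v2/file/safe/close "safe_dir=%2Fvault%24%28EXAMPLE%29"',
    '192.0.2.44 POST /v2/file/list "path=a;b"',
]


def suspicious_safe_dir(line):
    """Return (client, decoded safe_dir) when a line should be flagged, else None."""
    m = LINE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    if urlsplit(m["uri"]).path.rstrip("/") != ENDPOINT:
        return None
    # parse_qs percent-decodes, so encoded metacharacters (%3B, %7C, ...) are caught too.
    fields = parse_qs(m["body"], keep_blank_values=True, separator="&")
    for value in fields.get("safe_dir", []):
        if SHELL_META.search(value):
            return m["client"], value
    return None


def scan(lines):
    """Return every flagged (client, safe_dir) pair, in log order."""
    return [hit for hit in map(suspicious_safe_dir, lines) if hit]


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"ALERT {client} safe_dir={value!r}")
```
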
