CVE-2025-50674 – A privilege escalation vulnerability in OpenMed... (How to Fix)

Q: What is the severity of CVE-2025-50674?

CVE-2025-50674 has a CVSS score of 7.8 (HIGH). A privilege escalation vulnerability in OpenMediaVault's changePassword method allows local authenticated users to gain root privileges. This affects OpenMediaVault 7.4.17 installations where users have local access to the system. Attackers can exploit this to completely compromise the NAS system.

📋 TL;DR

A privilege escalation vulnerability in OpenMediaVault's changePassword method allows local authenticated users to gain root privileges. This affects OpenMediaVault 7.4.17 installations where users have local access to the system. Attackers can exploit this to completely compromise the NAS system.

💻 Affected Systems

Products:

OpenMediaVault

Versions: 7.4.17

Operating Systems: Debian-based Linux (OpenMediaVault OS)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with local user accounts. Remote exploitation requires initial local access.

📦 What is this software?

Openmediavault by Openmediavault

View all CVEs affecting Openmediavault →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root access, allowing data theft, destruction, or persistence mechanisms installation.

🟠

Likely Case

Local authenticated users escalate to root, gaining full control over the NAS system and all stored data.

🟢

If Mitigated

Limited impact if proper access controls restrict local user accounts and network segmentation is implemented.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.

🏢 Internal Only: HIGH - Any local authenticated user can exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires local authenticated access. Public proof-of-concept available in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.18 or later

Vendor Advisory: http://openmediavault.com

Restart Required: No

Instructions:

1. Update OpenMediaVault via web interface or command line. 2. Run 'omv-upgrade' as root. 3. Verify version is 7.4.18 or higher.

🔧 Temporary Workarounds

Restrict Local User Access

linux

Limit local user accounts to only necessary personnel and implement strict access controls.

Disable Unnecessary Local Accounts

linux

Remove or disable local user accounts that don't require system access.

sudo deluser <username>
sudo usermod -L <username>

🧯 If You Can't Patch

Implement strict network segmentation to isolate OpenMediaVault from other critical systems
Monitor for privilege escalation attempts and review local user activity logs regularly

🔍 How to Verify

Check if Vulnerable:

Check OpenMediaVault version: 'cat /etc/openmediavault/version' or via web interface. If version is 7.4.17, system is vulnerable.

Check Version:

cat /etc/openmediavault/version

Verify Fix Applied:

Verify version is 7.4.18 or higher using 'cat /etc/openmediavault/version' or web interface.

📡 Detection & Monitoring

Log Indicators:

Unusual privilege escalation attempts in auth.log
Root access from non-privileged user accounts
Changes to /usr/share/php/openmediavault/system/user.inc

Network Indicators:

Local authentication followed by privilege escalation patterns

SIEM Query:

source="auth.log" AND ("sudo" OR "su") AND user!="root" AND result="success"

📊 Metadata

CVE ID: CVE-2025-50674

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

EPSS Score: 0.04% exploit probability (10.1th percentile)

Published: August 22, 2025

Last Updated: September 12, 2025

🔗 References

http://openmediavault.com Product
https://gist.github.com/xbz0n/4b98e9291ddd5bb5e6232609e36b2082 Exploit,Third Party Advisory
https://xbz0n.sh/blog/CVE-2025-50674 Exploit,Mitigation,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-50674, you might also want to check these: